9.8

CVE-2022-24112

Warnung
Exploit

apisix/batch-requests plugin allows overwriting the X-REAL-IP header

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheApisix Version < 2.10.4
ApacheApisix Version >= 2.11.0 < 2.12.1

25.08.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apache APISIX Authentication Bypass Vulnerability

Schwachstelle

Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 96.18% 0.999
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

http://packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html
Third Party Advisory
Exploit
VDB Entry
http://packetstormsecurity.com/files/166328/Apache-APISIX-2.12.1-Remote-Code-Execution.html
Third Party Advisory
Exploit
VDB Entry
http://www.openwall.com/lists/oss-security/2022/02/11/3
Third Party Advisory
Mailing List
Mitigation
https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94
Vendor Advisory
Mailing List
Mitigation
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24112
Third Party Advisory
US Government Resource