CVE-2022-23650
Published 2022-02-18
Priority P354, high, 8.8 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.52% (71.4th percentile)
Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 0.10.0, there is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server if the attacker knows the address and username of the admin. This affects the server (netmaker) component, and not clients. This has been patched in Netmaker v0.8.5, v0.9.4, and v0.10.0. There are currently no known workarounds.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | gravitl_netmaker | >= 0 < 0.8.5 | 0.8.5 |
| github.com | gravitl_netmaker | >= 0.9.0 < 0.9.4 | 0.9.4 |
| gravitl | netmaker | < 0.8.5 | 0.8.5 |
| gravitl | netmaker | — | — |
| netmaker | netmaker | < 0.8.5 | 0.8.5 |
| netmaker | netmaker | >= 0.9.0 < 0.9.4 | 0.9.4 |
CVSS provenance
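| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |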
OSV
Use of Hard-coded Cryptographic Key in Netmaker in github.com/gravitl/netmaker
osv·2024-08-21
CVE-2022-23650 Use of Hard-coded Cryptographic Key in Netmaker in github.com/gravitl/netmaker
GHSA
Use of Hard-coded Cryptographic Key in Netmaker
ghsa·2022-02-22
CVE-2022-23650 [HIGH] CWE-321 Use of Hard-coded Cryptographic Key in Netmaker
### Impact
There is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server, if you know the address and username of the admin. This affects the server (netmaker) component, and not clients.
### Patches
This has been patched in Netmaker v0.8.5, v0.9.4, and v0.10.0. If you are running these versions, the fix is to perform the following:
1. `docker-compose down`
2. `docker pull gravitl/netmaker:( version )`
3. `docker-compose up -d`
#### Additional Information
If you are running **any other version**, you will need to upgrade to one of these three versions. If you have a special circumstance that requires running a different version, let us know and we may be able to build a custom patch.
OSV
Use of Hard-coded Cryptographic Key in Netmaker
osv·2022-02-22
CVE-2022-23650 [HIGH] Use of Hard-coded Cryptographic Key in Netmaker
https://github.com/gravitl/netmaker/commit/3d4f44ecfe8be4ca38920556ba3b90502ffb4fee
https://github.com/gravitl/netmaker/commit/e9bce264719f88c30e252ecc754d08f422f4c080
https://github.com/gravitl/netmaker/pull/781/commits/1bec97c662670dfdab804343fc42ae4b1d050a87
https://github.com/gravitl/netmaker/security/advisories/GHSA-86f3-hf24-76q4