cbcvebase.
CVE-2022-23650
published 2022-02-18

CVE-2022-23650: Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 010.0, there is a hard-coded…

PriorityP354high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.52%
71.4th percentile
Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 010.0, there is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server if the exploiter know the address and username of the admin. This effects the server (netmaker) component, and not clients. This has been patched in Netmaker v0.8.5, v0.9.4, and v0.10.0. There are currently no known workarounds.

Affected

6 ranges
VendorProductVersion rangeFixed in
github.comgravitl_netmaker>= 0 < 0.8.50.8.5
github.comgravitl_netmaker>= 0.9.0 < 0.9.40.9.4
gravitlnetmaker< 0.8.50.8.5
gravitlnetmaker
netmakernetmaker< 0.8.50.8.5
netmakernetmaker>= 0.9.0 < 0.9.40.9.4

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.