CVE-2022-35413
Published: 2022-09-13
Priority: P1 (83) · critical · CVSS 3.1 base score 9.8
ITW EXPLOIT · VulnCheck KEV · Exploited in the wild
EPSS: 12.48% (95.7th percentile)
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pentasecurity | wapples | 4.0.54.1 – 6.0.0 | — |
Detection & IOCs (extracted from sources)
- Shodan/FOFA fingerprint for exposed WAPPLES instances: search for the HTTP title 'Intelligent WAPPLES' or 'intelligent wapples'.
- Attack uses a POST to /webapi/auth with Content-Type application/x-www-form-urlencoded and the hardcoded credentials id=systemi&password=db/wp.no1.
- Hardcoded credentials (systemi / db/wp.no1) are embedded in the WAPPLES configuration script; the password is not user-changeable in affected versions ≤6.0.
- The vulnerability is exploitable over HTTPS on both the standard port 443 and the management port 5001; both should be monitored/restricted.
CVSS provenance
- NVD (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- VulnCheck: 9.8 CRITICAL
GHSA
GHSA-rwxr-7mfr-m8cg (ghsa_unreviewed, 2022-09-14): CVE-2022-35413 [CRITICAL] CWE-798, "WAPPLES through 6"
WAPPLES through 6.0 has a hardcoded systemi account accessible via db/wp.no1 (as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file). A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.
VulnCheck
CVE-2022-35413 [CRITICAL] pentasecurity wapples Use of Hard-coded Credentials (vulncheck, 2022, CVSS 9.8)
Affected: pentasecurity wapples
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-13&host_type=src&vulnerability=cve-2022-35413; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-17&host_type=src&vulnerability=cve-2022-35413; https://dashboard.shadowserve
No detection rules found.
Nuclei
CVE-2022-35413 [CRITICAL] WAPPLES Web Application Firewall <=6.0 - Hardcoded Credentials (nuclei, CVSS 9.8)
WAPPLES Web Application Firewall through 6.0 contains a hardcoded credentials vulnerability. It contains a hardcoded system account accessible via db/wp.no1, as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file. An attacker can use this account to access system configuration and confidential information, such as SSL keys, via an HTTPS request to the /webapi/ URI on port 443 or 5001.
Template:

```yaml
id: CVE-2022-35413

info:
  name: WAPPLES Web Application Firewall <=6.0 - Hardcoded Credentials
  author: For3stCo1d
  severity: critical
  description: |
    WAPPLES Web Application Firewall through 6.0 contains a hardcoded credentials vulnerability. It contains a hardcoded system account accessible via db/wp.no1, as configured
```
No writeups or analysis indexed.
References
- https://azuremarketplace.microsoft.com/en/marketplace/apps/penta-security-systems-inc.wapples_sa_v6?tab=Overview
- https://medium.com/%40_sadshade/wapples-web-application-firewall-multiple-vulnerabilities-35bdee52c8fb
- https://www.pentasecurity.com/product/wapples/