CVE-2023-32077
published 2023-08-24CVE-2023-32077: Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to…
PriorityP356high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
3.15%
86.3th percentile
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | gravitl_netmaker | >= 0 < 0.17.1 | 0.17.1 |
| github.com | gravitl_netmaker | >= 0.18.0 < 0.18.6 | 0.18.6 |
| gravitl | netmaker | < 0.17.1 | 0.17.1 |
| gravitl | netmaker | — | — |
| netmaker | netmaker | < 0.17.1 | 0.17.1 |
| netmaker | netmaker | 0.18.0 – 0.18.5 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated exploitation attempts against the Netmaker DNS API endpoint: look for GET requests to /api/dns with the Authorization header value 'x secretkey' returning HTTP 200 with JSON body containing 'address', 'network', and 'name' fields. ↗
- →Shodan/FOFA fingerprinting: Netmaker instances can be identified by HTML body containing the string 'netmaker', which can be used to scope detection to exposed instances. ↗
- ·The hardcoded DNS secret key ('x secretkey') is present in Netmaker versions prior to 0.17.1 and 0.18.6. Versions 0.18.0–0.18.5 are confirmed vulnerable and require upgrade to 0.18.6 or later. ↗
- ·For users on 0.17.1, pulling the latest Docker image and restarting is sufficient: `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Netmaker has Hardcoded DNS Secret Key in github.com/gravitl/netmaker
osv·2024-08-21
CVE-2023-32077 Netmaker has Hardcoded DNS Secret Key in github.com/gravitl/netmaker
Netmaker has Hardcoded DNS Secret Key in github.com/gravitl/netmaker
Netmaker has Hardcoded DNS Secret Key in github.com/gravitl/netmaker
OSV
Netmaker has Hardcoded DNS Secret Key
osv·2023-08-25
CVE-2023-32077 [HIGH] Netmaker has Hardcoded DNS Secret Key
Netmaker has Hardcoded DNS Secret Key
### Impact
Hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints.
### Patches
Issue is patched in 0.17.1, and fixed in 0.18.6+.
If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1" and "docker-compose up -d". This will switch them to the patched users
If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later.
### Workarounds
If using 0.17.1, can just pull the latest docker image of backend and restart server.
### References
Credit to Project Discovery, and in particular https://github.com/rootxharsh , https://github.com/iamnoooob, and https://github.com/projectdiscovery
GHSA
Netmaker has Hardcoded DNS Secret Key
ghsa·2023-08-25
CVE-2023-32077 [HIGH] CWE-321 Netmaker has Hardcoded DNS Secret Key
Netmaker has Hardcoded DNS Secret Key
### Impact
Hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints.
### Patches
Issue is patched in 0.17.1, and fixed in 0.18.6+.
If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1" and "docker-compose up -d". This will switch them to the patched users
If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later.
### Workarounds
If using 0.17.1, can just pull the latest docker image of backend and restart server.
### References
Credit to Project Discovery, and in particular https://github.com/rootxharsh , https://github.com/iamnoooob, and https://github.com/projectdiscovery
No detection rules found.
Nuclei
Netmaker - Hardcoded DNS Secret Key
nuclei·CVSS 7.5
CVE-2023-32077 [HIGH] Netmaker - Hardcoded DNS Secret Key
Netmaker - Hardcoded DNS Secret Key
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints.
Template:
id: CVE-2023-32077
info:
name: Netmaker - Hardcoded DNS Secret Key
author: iamnoooob,rootxharsh,pdresearch
severity: high
description: |
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints.
impact: |
Unauthenticated attackers can access DNS API endpoints using the hardcoded secret key, potentially manipulating DNS configurations and redirecting WireGuard network traffic in the Netmaker VPN infrastructure.
remediation: |
Update
https://github.com/gravitl/netmaker/commit/1621c27c1d176b639e9768b2acad7693e387fd51https://github.com/gravitl/netmaker/commit/9362c39a9a822f0e07361aa7c77af2610597e657https://github.com/gravitl/netmaker/pull/2170https://github.com/gravitl/netmaker/security/advisories/GHSA-8x8h-hcq8-jwwxhttps://github.com/gravitl/netmaker/commit/1621c27c1d176b639e9768b2acad7693e387fd51https://github.com/gravitl/netmaker/commit/9362c39a9a822f0e07361aa7c77af2610597e657https://github.com/gravitl/netmaker/pull/2170https://github.com/gravitl/netmaker/security/advisories/GHSA-8x8h-hcq8-jwwx
2023-08-24
Published