Sign-up

ID

VAR-202202-0171


CVE

CVE-2022-24112


TITLE

Apache APISIX  Spoofing authentication evasion vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005565

DESCRIPTION

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed. Apache APISIX Exists in spoofing authentication evasion vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apache Apisix is a cloud-native microservice API gateway service of the Apache Foundation. The software is implemented based on OpenResty and etcd, with dynamic routing and plug-in hot loading, suitable for API management under the microservice system. The vulnerability stems from the fact that the batch-requests plugin of the product does not effectively limit the user's batch requests

Trust: 2.25

sources: NVD: CVE-2022-24112 // JVNDB: JVNDB-2022-005565 // CNVD: CNVD-2022-12799 // VULMON: CVE-2022-24112

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-12799

AFFECTED PRODUCTS

vendor:apachemodel:apisixscope:ltversion:2.10.4

Trust: 1.6

vendor:apachemodel:apisixscope:gteversion:2.11.0

Trust: 1.0

vendor:apachemodel:apisixscope:ltversion:2.12.1

Trust: 1.0

vendor:apachemodel:apisixscope:eqversion: -

Trust: 0.8

vendor:apachemodel:apisixscope: - version: -

Trust: 0.8

vendor:apachemodel:apisixscope:gteversion:2.11.0,<2.12.1

Trust: 0.6

sources: CNVD: CNVD-2022-12799 // JVNDB: JVNDB-2022-005565 // NVD: CVE-2022-24112

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-24112
value: CRITICAL

Trust: 1.8

CNVD: CNVD-2022-12799
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202202-1030
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-24112
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2022-24112
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

CNVD: CNVD-2022-12799
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-24112
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-12799 // VULMON: CVE-2022-24112 // JVNDB: JVNDB-2022-005565 // NVD: CVE-2022-24112 // CNNVD: CNNVD-202202-1030

PROBLEMTYPE DATA

problemtype:CWE-290

Trust: 1.0

problemtype:Avoid authentication by spoofing (CWE-290) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-005565 // NVD: CVE-2022-24112

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-1030

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-1030

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-24112

PATCH
title:apisix/batch-requests plugin allows overwriting the X-REAL-IP headerurl:https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94
Trust: 0.8
title:Patch for Apache Apisix Remote Code Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/321071
Trust: 0.6
title:Apache APISIX Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=181993
Trust: 0.6
title:CVE-2022-24112url:https://github.com/udyz/cve-2022-24112 
Trust: 0.1
title:CVE-2022-24112url:https://github.com/mah1ndra/cve-2022-24112 
Trust: 0.1
title:Apache-APISIX-CVE-2022-24112url:https://github.com/m4xsec/apache-apisix-cve-2022-24112 
Trust: 0.1
title:cve-2022-24112url:https://github.com/twseptian/cve-2022-24112 
Trust: 0.1
title:CVE-2022-24112url:https://github.com/shakeman8/cve-2022-24112 
Trust: 0.1
title:CVE-2022-244112url:https://github.com/mah1ndra/cve-2022-244112 
Trust: 0.1
title:CVE-2022-24112-POCurl:https://github.com/kavishkagihan/cve-2022-24112-poc 
Trust: 0.1
title:CVE-2022-24112url:https://github.com/mr-xn/cve-2022-24112 
Trust: 0.1
title:CVE-2022-24112url:https://github.com/axx8/cve-2022-24112 
Trust: 0.1
title:Apache-APISIX-dashboard-RCEurl:https://github.com/greetdawn/apache-apisix-dashboard-rce 
Trust: 0.1
title:FrameVulurl:https://github.com/awrrays/framevul 
Trust: 0.1
title: - url:https://github.com/soosmile/poc 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2022-12799 // 
            
            
            
            VULMON: CVE-2022-24112 // 
            
            
            
            JVNDB: JVNDB-2022-005565 // 
            
            
            
            CNNVD: CNNVD-202202-1030

EXTERNAL IDS
db:NVDid:CVE-2022-24112
Trust: 3.9
db:PACKETSTORMid:166328
Trust: 2.5
db:PACKETSTORMid:166228
Trust: 2.5
db:OPENWALLid:OSS-SECURITY/2022/02/11/3
Trust: 1.7
db:JVNDBid:JVNDB-2022-005565
Trust: 0.8
db:CNVDid:CNVD-2022-12799
Trust: 0.6
db:CS-HELPid:SB2022021408
Trust: 0.6
db:CXSECURITYid:WLB-2022030040
Trust: 0.6
db:CXSECURITYid:WLB-2022030068
Trust: 0.6
db:EXPLOIT-DBid:50829
Trust: 0.6
db:CNNVDid:CNNVD-202202-1030
Trust: 0.6
db:VULMONid:CVE-2022-24112
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2022-12799 // 
            
            
            
            VULMON: CVE-2022-24112 // 
            
            
            
            JVNDB: JVNDB-2022-005565 // 
            
            
            
            NVD: CVE-2022-24112 // 
            
            
            
            CNNVD: CNNVD-202202-1030

REFERENCES
url:http://packetstormsecurity.com/files/166228/apache-apisix-remote-code-execution.html
Trust: 3.1
url:http://packetstormsecurity.com/files/166328/apache-apisix-2.12.1-remote-code-execution.html
Trust: 3.1
url:https://nvd.nist.gov/vuln/detail/cve-2022-24112
Trust: 2.0
url:https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94
Trust: 1.7
url:http://www.openwall.com/lists/oss-security/2022/02/11/3
Trust: 1.7
url:https://www.exploit-db.com/exploits/50829
Trust: 0.6
url:https://cxsecurity.com/issue/wlb-2022030040
Trust: 0.6
url:https://www.cybersecurity-help.cz/vdb/sb2022021408
Trust: 0.6
url:https://cxsecurity.com/issue/wlb-2022030068
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/290.html
Trust: 0.1
url:https://github.com/udyz/cve-2022-24112
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2022-12799 // 
            
            
            
            VULMON: CVE-2022-24112 // 
            
            
            
            JVNDB: JVNDB-2022-005565 // 
            
            
            
            NVD: CVE-2022-24112 // 
            
            
            
            CNNVD: CNNVD-202202-1030

CREDITS
Ven3xy
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202202-1030

SOURCES
db:CNVDid:CNVD-2022-12799
db:VULMONid:CVE-2022-24112
db:JVNDBid:JVNDB-2022-005565
db:NVDid:CVE-2022-24112
db:CNNVDid:CNNVD-202202-1030

LAST UPDATE DATE
2023-12-18T12:49:23.972000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2022-12799date:2022-02-21T00:00:00
db:VULMONid:CVE-2022-24112date:2022-05-11T00:00:00
db:JVNDBid:JVNDB-2022-005565date:2023-06-05T09:23:00
db:NVDid:CVE-2022-24112date:2022-05-11T14:58:01.343
db:CNNVDid:CNNVD-202202-1030date:2022-03-17T00:00:00

SOURCES RELEASE DATE
db:CNVDid:CNVD-2022-12799date:2022-02-20T00:00:00
db:VULMONid:CVE-2022-24112date:2022-02-11T00:00:00
db:JVNDBid:JVNDB-2022-005565date:2023-06-05T00:00:00
db:NVDid:CVE-2022-24112date:2022-02-11T13:15:08.073
db:CNNVDid:CNNVD-202202-1030date:2022-02-11T00:00:00