ID

VAR-202012-0118


CVE

CVE-2020-13945


TITLE

Apache APISIX  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-014822

DESCRIPTION

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5. Apache APISIX Contains an unspecified vulnerability.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2020-13945 // JVNDB: JVNDB-2020-014822 // VULMON: CVE-2020-13945

AFFECTED PRODUCTS

vendor:apachemodel:apisixscope:lteversion:1.5

Trust: 1.0

vendor:apachemodel:apisixscope:gteversion:1.2

Trust: 1.0

vendor:apachemodel:apisixscope:eqversion:1.3

Trust: 0.8

vendor:apachemodel:apisixscope:eqversion:1.5

Trust: 0.8

vendor:apachemodel:apisixscope:eqversion: -

Trust: 0.8

vendor:apachemodel:apisixscope:eqversion:1.4

Trust: 0.8

vendor:apachemodel:apisixscope:eqversion:1.2

Trust: 0.8

sources: JVNDB: JVNDB-2020-014822 // NVD: CVE-2020-13945

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-13945
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-13945
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202012-424
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-13945
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-13945
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2020-13945
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-13945
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-13945 // JVNDB: JVNDB-2020-014822 // CNNVD: CNNVD-202012-424 // NVD: CVE-2020-13945

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Other (CWE-Other) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-014822 // NVD: CVE-2020-13945

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-424

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202012-424

PATCH

title:[SECURITY] CVE-2020-13945url:https://lists.apache.org/thread.html/r792feb29964067a4108f53e8579a1e9bd1c8b5b9bc95618c814faf2f%40%3Cdev.apisix.apache.org%3E

Trust: 0.8

title:Apache Apisix Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137138

Trust: 0.6

title: - url:https://github.com/YutuSec/Apisix_Crack

Trust: 0.1

sources: VULMON: CVE-2020-13945 // JVNDB: JVNDB-2020-014822 // CNNVD: CNNVD-202012-424

EXTERNAL IDS

db:NVDid:CVE-2020-13945

Trust: 2.5

db:PACKETSTORMid:166228

Trust: 1.7

db:JVNDBid:JVNDB-2020-014822

Trust: 0.8

db:CNNVDid:CNNVD-202012-424

Trust: 0.6

db:VULMONid:CVE-2020-13945

Trust: 0.1

sources: VULMON: CVE-2020-13945 // JVNDB: JVNDB-2020-014822 // CNNVD: CNNVD-202012-424 // NVD: CVE-2020-13945

REFERENCES

url:https://lists.apache.org/thread.html/r792feb29964067a4108f53e8579a1e9bd1c8b5b9bc95618c814faf2f%40%3cdev.apisix.apache.org%3e

Trust: 1.7

url:http://packetstormsecurity.com/files/166228/apache-apisix-remote-code-execution.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-13945

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://github.com/yutusec/apisix_crack

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://seclists.org/oss-sec/2020/q4/187

Trust: 0.1

sources: VULMON: CVE-2020-13945 // JVNDB: JVNDB-2020-014822 // CNNVD: CNNVD-202012-424 // NVD: CVE-2020-13945

SOURCES

db:VULMONid:CVE-2020-13945
db:JVNDBid:JVNDB-2020-014822
db:CNNVDid:CNNVD-202012-424
db:NVDid:CVE-2020-13945

LAST UPDATE DATE

2024-11-23T21:33:16.113000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-13945date:2022-04-19T00:00:00
db:JVNDBid:JVNDB-2020-014822date:2021-09-01T04:52:00
db:CNNVDid:CNNVD-202012-424date:2022-03-08T00:00:00
db:NVDid:CVE-2020-13945date:2024-11-21T05:02:12.277

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-13945date:2020-12-07T00:00:00
db:JVNDBid:JVNDB-2020-014822date:2021-09-01T00:00:00
db:CNNVDid:CNNVD-202012-424date:2020-12-07T00:00:00
db:NVDid:CVE-2020-13945date:2020-12-07T20:15:12.557