ID

VAR-202202-0171


CVE

CVE-2022-24112


TITLE

Apache APISIX  Spoofing authentication evasion vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005565

DESCRIPTION

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed. Apache APISIX Exists in spoofing authentication evasion vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apache Apisix is a cloud-native microservice API gateway service of the Apache Foundation. The software is implemented based on OpenResty and etcd, with dynamic routing and plug-in hot loading, suitable for API management under the microservice system. The vulnerability stems from the fact that the batch-requests plugin of the product does not effectively limit the user's batch requests

Trust: 2.25

sources: NVD: CVE-2022-24112 // JVNDB: JVNDB-2022-005565 // CNVD: CNVD-2022-12799 // VULMON: CVE-2022-24112

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-12799

AFFECTED PRODUCTS

vendor:apachemodel:apisixscope:ltversion:2.10.4

Trust: 1.6

vendor:apachemodel:apisixscope:ltversion:2.12.1

Trust: 1.0

vendor:apachemodel:apisixscope:gteversion:2.11.0

Trust: 1.0

vendor:apachemodel:apisixscope:eqversion: -

Trust: 0.8

vendor:apachemodel:apisixscope: - version: -

Trust: 0.8

vendor:apachemodel:apisixscope:gteversion:2.11.0,<2.12.1

Trust: 0.6

sources: CNVD: CNVD-2022-12799 // JVNDB: JVNDB-2022-005565 // NVD: CVE-2022-24112

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-24112
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-24112
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-12799
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202202-1030
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-24112
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-24112
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-12799
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-24112
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-24112
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-12799 // VULMON: CVE-2022-24112 // JVNDB: JVNDB-2022-005565 // CNNVD: CNNVD-202202-1030 // NVD: CVE-2022-24112

PROBLEMTYPE DATA

problemtype:CWE-290

Trust: 1.0

problemtype:Avoid authentication by spoofing (CWE-290) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-005565 // NVD: CVE-2022-24112

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-1030

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-1030

PATCH

title:apisix/batch-requests plugin allows overwriting the X-REAL-IP headerurl:https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94

Trust: 0.8

title:Patch for Apache Apisix Remote Code Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/321071

Trust: 0.6

title:Apache APISIX Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=181993

Trust: 0.6

title:CVE-2022-24112url:https://github.com/Udyz/CVE-2022-24112

Trust: 0.1

title:CVE-2022-24112url:https://github.com/Mah1ndra/CVE-2022-24112

Trust: 0.1

title:Apache-APISIX-CVE-2022-24112url:https://github.com/M4xSec/Apache-APISIX-CVE-2022-24112

Trust: 0.1

title:cve-2022-24112url:https://github.com/twseptian/cve-2022-24112

Trust: 0.1

title:CVE-2022-24112url:https://github.com/shakeman8/CVE-2022-24112

Trust: 0.1

title:CVE-2022-244112url:https://github.com/Mah1ndra/CVE-2022-244112

Trust: 0.1

title:CVE-2022-24112-POCurl:https://github.com/kavishkagihan/CVE-2022-24112-POC

Trust: 0.1

title:CVE-2022-24112url:https://github.com/Mr-xn/CVE-2022-24112

Trust: 0.1

title:CVE-2022-24112url:https://github.com/Axx8/CVE-2022-24112

Trust: 0.1

title:Apache-APISIX-dashboard-RCEurl:https://github.com/Greetdawn/Apache-APISIX-dashboard-RCE

Trust: 0.1

title:FrameVulurl:https://github.com/Awrrays/FrameVul

Trust: 0.1

title: - url:https://github.com/soosmile/POC

Trust: 0.1

sources: CNVD: CNVD-2022-12799 // VULMON: CVE-2022-24112 // JVNDB: JVNDB-2022-005565 // CNNVD: CNNVD-202202-1030

EXTERNAL IDS

db:NVDid:CVE-2022-24112

Trust: 3.9

db:PACKETSTORMid:166328

Trust: 2.5

db:PACKETSTORMid:166228

Trust: 2.5

db:OPENWALLid:OSS-SECURITY/2022/02/11/3

Trust: 1.7

db:JVNDBid:JVNDB-2022-005565

Trust: 0.8

db:CNVDid:CNVD-2022-12799

Trust: 0.6

db:CS-HELPid:SB2022021408

Trust: 0.6

db:CXSECURITYid:WLB-2022030040

Trust: 0.6

db:CXSECURITYid:WLB-2022030068

Trust: 0.6

db:EXPLOIT-DBid:50829

Trust: 0.6

db:CNNVDid:CNNVD-202202-1030

Trust: 0.6

db:VULMONid:CVE-2022-24112

Trust: 0.1

sources: CNVD: CNVD-2022-12799 // VULMON: CVE-2022-24112 // JVNDB: JVNDB-2022-005565 // CNNVD: CNNVD-202202-1030 // NVD: CVE-2022-24112

REFERENCES

url:http://packetstormsecurity.com/files/166228/apache-apisix-remote-code-execution.html

Trust: 3.1

url:http://packetstormsecurity.com/files/166328/apache-apisix-2.12.1-remote-code-execution.html

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24112

Trust: 2.0

url:https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2022/02/11/3

Trust: 1.7

url:https://www.exploit-db.com/exploits/50829

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2022030040

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022021408

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2022030068

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/290.html

Trust: 0.1

url:https://github.com/udyz/cve-2022-24112

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-12799 // VULMON: CVE-2022-24112 // JVNDB: JVNDB-2022-005565 // CNNVD: CNNVD-202202-1030 // NVD: CVE-2022-24112

CREDITS

Ven3xy

Trust: 0.6

sources: CNNVD: CNNVD-202202-1030

SOURCES

db:CNVDid:CNVD-2022-12799
db:VULMONid:CVE-2022-24112
db:JVNDBid:JVNDB-2022-005565
db:CNNVDid:CNNVD-202202-1030
db:NVDid:CVE-2022-24112

LAST UPDATE DATE

2024-08-14T15:42:35.022000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-12799date:2022-02-21T00:00:00
db:VULMONid:CVE-2022-24112date:2022-05-11T00:00:00
db:JVNDBid:JVNDB-2022-005565date:2023-06-05T09:23:00
db:CNNVDid:CNNVD-202202-1030date:2022-03-17T00:00:00
db:NVDid:CVE-2022-24112date:2022-05-11T14:58:01.343

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-12799date:2022-02-20T00:00:00
db:VULMONid:CVE-2022-24112date:2022-02-11T00:00:00
db:JVNDBid:JVNDB-2022-005565date:2023-06-05T00:00:00
db:CNNVDid:CNNVD-202202-1030date:2022-02-11T00:00:00
db:NVDid:CVE-2022-24112date:2022-02-11T13:15:08.073