Vulnerability Details : CVE-2020-13945
Public exploit exists!
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.
Products affected by CVE-2020-13945
- cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-13945
0.90%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2020-13945
-
APISIX Admin API default access token RCE
Disclosure Date: 2020-12-07First seen: 2022-12-23exploit/multi/http/apache_apisix_api_default_token_rceApache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1 that can be used to access all of the admin API, which leads to remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerab
CVSS scores for CVE-2020-13945
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
References for CVE-2020-13945
-
https://lists.apache.org/thread.html/r792feb29964067a4108f53e8579a1e9bd1c8b5b9bc95618c814faf2f%40%3Cdev.apisix.apache.org%3E
Mailing List;Patch;Vendor Advisory
-
http://packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html
Apache APISIX Remote Code Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
Jump to