Published: 07/12/2020 Updated: 19/04/2022

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache apisix

oss-sec mailing list archives   By Date By Thread </form>    [SECURITY] CVE-2020-13945: Apache APISIX's Admin API default access token vulnerability  <!--X-Head ...

Apisix系列漏洞：未授权漏洞（CVE-2021-45232）、默认秘钥（CVE-2020-13945）批量探测。

Apisix_Crack 概述 Apisix系列漏洞探测利用工具，包括未授权访问漏洞（CVE-2021-45232）和默认秘钥漏洞（CVE-2020-13945），支持批量探测利用。使用方法批量探测：文件中逐行写入需要检测的URL，参数-TF 指定文件 -t 并发数量单个目标探测：-T xxxx 执行效果玉兔安全致力于web安全、红蓝

NVD-CWE-Other https://lists.apache.org/thread.html/r792feb29964067a4108f53e8579a1e9bd1c8b5b9bc95618c814faf2f%40%3Cdev.apisix.apache.org%3E http://packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html https://nvd.nist.gov https://github.com/YutuSec/Apisix_Crack http://seclists.org/oss-sec/2020/q4/187

CVE-2020-13945

Vulnerability Summary

Vulnerability Trend

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect