CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score
Confidence: High

EPSS
Percentile: 99.9%
An attacker can abuse the batch-requests plugin to send requests that bypass the IP restriction of the Admin API. A default configuration of Apache APISIX (with the default API key) is vulnerable to remote code execution. When the admin key has been changed, or the Admin API has been moved to a port different from the data panel, the impact is lower, but there is still a risk of bypassing the IP restriction of Apache APISIX's data panel. The batch-requests plugin contains a check that overrides the client IP with its real remote IP, but due to a bug in the code this check can be bypassed.
Recent assessments:
noraj at March 09, 2022 8:03pm UTC reported:
IP restriction bypass via X-REAL-IP HTTP header, then SSRF and RCE on admin route with Lua code executed via scripts
Assessed Attacker Value: 4
Assessed Attacker Value: 2
packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html
packetstormsecurity.com/files/166328/Apache-APISIX-2.12.1-Remote-Code-Execution.html
www.openwall.com/lists/oss-security/2022/02/11/3
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24112
github.com/M4xSec/Apache-APISIX-CVE-2022-24112
github.com/Mr-xn/CVE-2022-24112
github.com/Udyz/CVE-2022-24112
lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94
www.youtube.com/watch?v=yrCXamnX9No