CVE-2022-23650

HIGH Year: 2022
CVSS v3 Score
8.8
High
CVSS v2 Score
9.0
Critical
Weakness Type
CWE-321
View all →

Vulnerability Description

Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 010.0, there is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server if the exploiter know the address and username of the admin. This effects the server (netmaker) component, and not clients. This has been patched in Netmaker v0.8.5, v0.9.4, and v0.10.0. There are currently no known workarounds.

Related Vulnerabilities

CVE-2020-7846

HIGH
CVSS:8.8(High)

Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web pag...

CWE-3212020

CVE-2021-27392

HIGH
CVSS:8.8(High)

A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Vi...

CWE-3212021

CVE-2022-0664

HIGH
CVSS:8.8(High)

Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1.

CWE-3212022

CVE-2022-20868

HIGH
CVSS:8.8(High)

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker...

CWE-3212022

CVE-2023-20038

HIGH
CVSS:8.8(High)

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credenti...

CWE-3212023