CVE-2022-23650 in Netmakerinfo

Summary

by MITRE • 02/19/2022

Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 010.0, there is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server if the exploiter know the address and username of the admin. This effects the server (netmaker) component, and not clients. This has been patched in Netmaker v0.8.5, v0.9.4, and v0.10.0. There are currently no known workarounds.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsible

GitHub, Inc.

Reservation

01/19/2022

Disclosure

02/19/2022

Moderation

accepted

CPE

ready

EPSS

0.01520

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!