Strix
26.1K

CVE-2023-32077

HIGHCVSS 7.5/10EPSS 3.15%

Last modified

CVE-2023-32077 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. EPSS estimates a 3.15% chance of exploitation in the next 30 days.

Description

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
3.15%

86.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
NetmakerNetmaker< 0.17.1
NetmakerNetmaker>= 0.18.0, <= 0.18.5

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-32077?
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server.
How severe is CVE-2023-32077?
CVE-2023-32077 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 3.15% probability of exploitation in the next 30 days.
How do I fix CVE-2023-32077?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-32077?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST