CVE-2020-13945 Scanner
CVE-2020-13945 scanner - Remote Code Execution (RCE) vulnerability in Apache APISIX
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 3 days
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
Apache APISIX is a cloud-native microservices API gateway, known for its exceptional performance, low latency, and code-level APIs. This open-source project provides world-class API delivery efficiency, rich traffic management features, and an easy-to-use service mesh that connects microservices-oriented systems to external APIs. It is primarily used for API traffic management, routing, and gateway functions such as authentication, rate limiting, and load balancing. The Apache APISIX gateway has gained immense popularity due to its advanced features, ease of use, low cost, scalability, and real-time observability.
CVE-2020-13945 is a vulnerability in Apache APISIX that can lead to unauthorized access to the management interface of the API gateway. It occurs when an admin user enables the Admin API and then deletes the Admin API access IP restriction rules. Once the restriction is gone, the default token is allowed to access APISIX management data, compromising the integrity of the gateway. CVE-2020-13945 is rated as a critical vulnerability and affects versions 1.2, 1.3, 1.4, and 1.5 of Apache APISIX.
When CVE-2020-13945 is exploited, it can lead to the unauthorized access of sensitive API gateway management information and the ability to make unauthorized configuration changes. If the attacker gains access, they can use the Gateway management interface to redirect traffic to malicious endpoints, take control of authenticated gateway users, and carry out malicious actions on the entire system. This will lead to loss of data, reputation damage, and financial losses to organizations that use Apache APISIX.
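An asset owner can check their own gateway configuration for the condition described above (no IP restriction on the Admin API while a default token is still accepted). The following is an added example, not code from s4e.io or the APISIX project; it assumes the Admin API is enabled, that the config file has already been parsed into a dict, and that the `allow_admin` and `admin_key` keys under `apisix` (APISIX's config keys, not named on this page) hold the rules and tokens. The default token value is a placeholder to fill in.

```python
import ipaddress

# Placeholder, not a real token: fill in the default admin key that ships
# in the config of the APISIX release you run.
DEFAULT_KEYS = {"<default-admin-key-from-shipped-config>"}

def admin_exposure(conf, default_keys=DEFAULT_KEYS):
    """Audit an already-parsed APISIX config dict for the CVE-2020-13945 condition."""
    apisix = conf.get("apisix") or {}
    open_rules, default_tokens, notes = [], [], []

    # Condition 1: the IP restriction rules were deleted or allow everything.
    rules = apisix.get("allow_admin") or []
    if not rules:
        open_rules.append("allow_admin is empty: no IP restriction on the Admin API")
    for rule in rules:
        try:
            net = ipaddress.ip_network(str(rule), strict=False)
        except ValueError:
            notes.append(f"allow_admin entry {rule!r} is not a valid CIDR")
            continue
        if net.prefixlen == 0:
            open_rules.append(f"allow_admin entry {rule!r} matches every address")

    # Condition 2: a default token is still accepted.
    for entry in apisix.get("admin_key") or []:
        if str(entry.get("key")) in default_keys:
            default_tokens.append(f"admin_key {entry.get('name')!r} uses a default token")

    # The issue needs both conditions at once; either alone is still worth fixing.
    return {"findings": open_rules + default_tokens + notes,
            "vulnerable": bool(open_rules and default_tokens)}

# Constructed sample configs (not taken from any real deployment).
EXPOSED = {"apisix": {"allow_admin": [], "admin_key": [
    {"name": "admin", "key": "<default-admin-key-from-shipped-config>", "role": "admin"}]}}
HARDENED = {"apisix": {"allow_admin": ["127.0.0.0/24"], "admin_key": [
    {"name": "admin", "key": "constructed-rotated-key", "role": "admin"}]}}

if __name__ == "__main__":
    for name, conf in (("EXPOSED", EXPOSED), ("HARDENED", HARDENED)):
        print(name, admin_exposure(conf))
```

A config that reports a finding without being flagged vulnerable (for example, a default token behind a loopback-only rule) is one deleted rule away from the exposed state, so rotate the token as well as keeping the IP restriction.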
In conclusion, security is crucial to protect digital assets, and it is essential to know about vulnerabilities such as CVE-2020-13945 in Apache APISIX. With the pro features of the s4e.io platform, digital asset owners can easily and quickly learn about vulnerabilities in their digital assets, get detailed reports, and take the necessary precautions to safeguard their assets. Stay safe with s4e.io.