Security for everyone

CVE-2020-13945 Scanner

Detects the 'Remote Code Execution (RCE)' vulnerability in Apache APISIX, which affects versions 1.2, 1.3, 1.4 and 1.5.


Short Info


Level: Medium
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, IPv4

Parent Category

CVE-2020-13945 Scanner Detail

Apache APISIX is a cloud-native microservices API gateway, known for its exceptional performance, low-latency, and code-level APIs. This open-source project provides world-class API delivery efficiency, rich traffic management features, and an easy-to-use service mesh that connects microservices-oriented systems to external APIs. It is primarily used for API traffic management, routing, and executing microservices such as authentication, rate limiting, and load balancing. The Apache APISIX gateway has gained immense popularity due to its advanced features, ease of use, low cost, scalability, and real-time observability.

CVE-2020-13945 is a vulnerability found in Apache APISIX that can lead to unauthorized access to the management interface of the API Gateway. This vulnerability occurs when an admin user enables the Admin API and then deletes the Admin API access IP restriction rules. When this happens, the default token is allowed to access APISIX management data, compromising the integrity of the gateway. CVE-2020-13945 is rated as a critical vulnerability and has affected versions 1.2, 1.3, 1.4, and 1.5 of Apache APISIX.
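A configuration check for the condition described above, added here as an example; it is not code from this page or from the APISIX project. It assumes the `apisix` section of `config.yaml` has already been parsed into a dict and that the `allow_admin` and `admin_key` keys follow APISIX's config layout; the default-token value is a placeholder to be filled in from the shipped config, and the loopback-only trusted list is an assumption.

```python
import ipaddress

# Placeholder, not a real token: fill in the admin key(s) that ship in the
# default config of the APISIX version you run.
SHIPPED_DEFAULT_KEYS = {"<admin-key-from-shipped-default-config>"}
# Assumption: only loopback counts as a trusted Admin API source by default.
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]

def audit_admin_api(conf, default_keys=SHIPPED_DEFAULT_KEYS, trusted=TRUSTED_NETS):
    """Audit the `apisix` section of a parsed config.yaml (passed as a dict)."""
    apisix = conf.get("apisix") or {}
    result = {"unrestricted": False, "default_key": False, "findings": []}
    allow = apisix.get("allow_admin") or []
    if not allow:
        result["unrestricted"] = True
        result["findings"].append("allow_admin missing or empty: Admin API has no IP restriction")
    for entry in allow:
        try:
            net = ipaddress.ip_network(str(entry), strict=False)
        except ValueError:
            result["findings"].append(f"allow_admin entry {entry!r} is not a valid address or CIDR")
            continue
        # An entry is acceptable only if it sits entirely inside a trusted network.
        if not any(net.version == t.version and net.subnet_of(t) for t in trusted):
            result["unrestricted"] = True
            result["findings"].append(f"allow_admin entry {net} reaches beyond the trusted networks")
    for item in apisix.get("admin_key") or []:
        if str(item.get("key")) in default_keys:
            result["default_key"] = True
            result["findings"].append(f"admin_key {item.get('name')!r} still uses a shipped default token")
    # The condition the page describes needs both: open access and a default token.
    result["exposed"] = result["unrestricted"] and result["default_key"]
    return result

# Constructed sample configs (not taken from a real deployment).
DEFAULT = "<admin-key-from-shipped-default-config>"
SAMPLES = {
    "restriction deleted, default key": {"apisix": {"admin_key": [{"name": "admin", "key": DEFAULT, "role": "admin"}]}},
    "loopback only, default key": {"apisix": {"allow_admin": ["127.0.0.0/24"], "admin_key": [{"name": "admin", "key": DEFAULT, "role": "admin"}]}},
    "open to all, rotated key": {"apisix": {"allow_admin": ["0.0.0.0/0"], "admin_key": [{"name": "admin", "key": "constructed-rotated-key", "role": "admin"}]}},
}

if __name__ == "__main__":
    for name, conf in SAMPLES.items():
        r = audit_admin_api(conf)
        print(f"{name}: exposed={r['exposed']}")
        for finding in r["findings"]:
            print("  -", finding)
```

Either finding on its own is worth fixing: a rotated key behind an open allow list, or a default key behind a loopback-only list, is one configuration change away from the exposed state.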

When CVE-2020-13945 is exploited, it can lead to the unauthorized access of sensitive API gateway management information and the ability to make unauthorized configuration changes. If the attacker gains access, they can use the Gateway management interface to redirect traffic to malicious endpoints, take control of authenticated gateway users, and carry out malicious actions on the entire system. This will lead to loss of data, reputation damage, and financial losses to organizations that use Apache APISIX.

In conclusion, security is crucial to protect digital assets, and it is essential to know about vulnerabilities such as CVE-2020-13945 in Apache APISIX. With the pro features of the securityforeveryone.com platform, digital asset owners can easily and quickly learn about vulnerabilities in their digital assets, get detailed reports, and take the necessary precautions to safeguard their assets. Stay safe with securityforeveryone.com.

 
