CVE-2020-13945

MEDIUM NUCLEI

Apache APISIX <1.6 - Privilege Escalation

Title source: llm

Description

Apache APISIX ships with a default Admin API key (the admin_key value edd1c9f034335f136f87ad84b625c8f1 in conf/config.yaml). When an operator enables the Admin API and removes the IP allow-list that restricts access to it (allow_admin), any client that knows that default key can read and modify APISIX management data (routes, upstreams, plugin configuration) through the Admin API. Because the Admin API can attach plugins to routes, the listed Metasploit module escalates this from configuration access to code execution on the gateway. This affects versions 1.2, 1.3, 1.4 and 1.5; the remediation is to set a unique admin_key and keep the Admin API IP-restricted.
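The check a practitioner wants here is whether a given APISIX instance still accepts the default key over the network. The following is an added example written for this page, not code from any of the PoCs listed below: it sends a GET to /apisix/admin/routes with the default X-API-KEY header and classifies the answer. The target URL is an assumption supplied by the caller; the mapping of 403 to "ip_restricted" assumes the allow_admin list is what rejects the client IP.

```python
"""Check whether an Apache APISIX Admin API still honours the default admin_key.

Added example for CVE-2020-13945; not part of the original page or project.
"""
import json
import sys
import urllib.error
import urllib.request

# Default admin_key shipped in conf/config.yaml of APISIX 1.x. The bug is not
# the key itself but that it keeps working once allow_admin is removed.
DEFAULT_ADMIN_KEY = "edd1c9f034335f136f87ad84b625c8f1"
ADMIN_ROUTES_PATH = "/apisix/admin/routes"


def build_request(base_url, admin_key=DEFAULT_ADMIN_KEY):
    """Return (url, headers) for a read-only probe of the Admin API.

    The Admin API accepts the key in the X-API-KEY header; listing routes is
    the least intrusive call that still proves management access.
    """
    url = base_url.rstrip("/") + ADMIN_ROUTES_PATH
    return url, {"X-API-KEY": admin_key}


def classify(status, body):
    """Map an Admin API response to a finding.

    exposed        - 200 with a JSON object: the key was accepted
    protected      - 401: APISIX rejected the key ("failed to check token")
    ip_restricted  - 403: assumed to be the allow_admin IP filter (assumption)
    unknown        - anything else, e.g. a non-APISIX service on that port
    """
    if status == 200:
        try:
            parsed = json.loads(body)
        except ValueError:
            return "unknown"
        return "exposed" if isinstance(parsed, dict) else "unknown"
    if status == 401:
        return "protected"
    if status == 403:
        return "ip_restricted"
    return "unknown"


def probe(base_url, admin_key=DEFAULT_ADMIN_KEY, timeout=5):
    """Perform the probe against a live instance and return the finding."""
    url, headers = build_request(base_url, admin_key)
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        # urllib raises on 4xx/5xx; the status and body are still meaningful.
        return classify(err.code, err.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    # Usage: python apisix_default_key_check.py http://gateway.example:9080
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:9080"
    print(target, probe(target))
```

An "exposed" result means the default admin_key is accepted from your vantage point; the fix is to replace admin_key in conf/config.yaml and restore the allow_admin list, then re-run the probe and expect "protected" or "ip_restricted".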

Exploits (3)

nomisec · WORKING POC · 10 stars
by K3ysTr0K3R · poc
https://github.com/K3ysTr0K3R/CVE-2020-13945-EXPLOIT
nomisec · WORKING POC · 7 stars
by YutuSec · poc
https://github.com/YutuSec/Apisix_Crack
metasploit · WORKING POC · EXCELLENT
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/apache_apisix_api_default_token_rce.rb

Nuclei Templates (1)

Apache APISIX - Insufficiently Protected Credentials
MEDIUM · by pdteam
Shodan: http.title:"apache apisix dashboard"
FOFA: title="apache apisix dashboard"

Scores

CVSS v3 6.5
EPSS 0.9343
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (1)
apache/apisix 1.2 - 1.5
Published Dec 07, 2020
Tracked Since Feb 18, 2026