Shulou(Shulou.com)06/01 Report--

How to advertise unauthorized vulnerabilities in Kong API gateways? in view of this problem, this article introduces the corresponding analysis and answers in detail, hoping to help more partners who want to solve this problem to find a more simple and easy way.

0x00 vulnerability background

On April 16, 2020, 360CERT monitoring found that security vendors in the industry issued a risk notice for unauthorized vulnerabilities in Kong Admin Restful API gateways. The vulnerability number is CVE-2020-11710, and the vulnerability level is high risk.

Kong API gateway is one of the most popular cloud native API gateways, with two branches: open source version and enterprise version. It is widely used in API access middleware in cloud native, micro-service, distributed and non-service cloud function scenarios, providing authentication, forwarding, load balancing, monitoring and other capabilities for cloud native applications.

There is an unauthorized access vulnerability in the Kong API gateway administrator control interface. Attackers can directly control the Kong API gateway and make it an open traffic proxy through the API gateway administrator control interface, so as to access the internal sensitive services.

In this regard, 360CERT recommends that the majority of users timely install the latest patches, do a good job of asset self-examination and prevention work, so as to avoid hacker attacks.

0x01 risk rating

360CERT's assessment of the vulnerability is as follows

Assessment methods, threat levels, high risk impact surfaces, limited 0x02 vulnerability details

Kong is usually used by enterprises as API gateways for cloud native architecture, and the construction method usually follows official guidelines. And the Kong official in the installation guidelines for the actual deployment through docker in the demonstration

By default, Admin Restful API (port: 8001amp 8444) is also exposed on the public network, which in turn gives the attacker complete control over all the behavior of the Kong gateway.

Actions that an attacker can perform include, but are not limited to:

Add a route to point to the key services of the private network

Make Kong a proxy node, sniffing internal services that can be accessed

Docker-p listens 0.0.0.0 by default, which means that all traffic destined for the forwarding port will enter the docker container.

0x03 affects version

Kong: < V2.0.3

0x04 repair recommendations General patching recommendations:

Upgrade to

Git commit

D693827c32144943a2f45abc017c1321b33ff611 version

Download address: Kong git commit patch address.

Https://github.com/Kong/docker-kong/commit/dfa095cadf7e8309155be51982d8720daf32e31c

Temporary patching recommendations:

Modify the content in docker-compose.yaml to limit the port mapping to 127.0.0.1

Prohibit external traffic from entering Kong Admin Restful API-related ports through devices such as IPS/ firewalls

0x05 related spatial mapping data

Through surveying and mapping the assets of the whole network, it is found that Kong API gateways are widely used at home and abroad, as shown in the following figure.

0x06 product side solution 360city-level network security monitoring service

The QUAKE asset mapping platform of the security brain monitors such vulnerabilities by means of asset mapping technology, and asks users to contact the relevant product area leaders to obtain the corresponding products.

This is the answer to the question on how to advertise unauthorized vulnerabilities in the Kong API gateway. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.