CVE-2022-0664 gravitl CVE debrief

Who should care

Organizations operating Netmaker-based virtual networks; security teams managing WireGuard infrastructure; DevOps engineers deploying network mesh solutions; compliance officers responsible for cryptographic key management controls

Technical summary

Netmaker versions prior to 0.8.5 and 0.9.4 embed a static cryptographic key within the application binary. This hard-coded key enables attackers to forge valid authentication tokens or decrypt sensitive communications, achieving unauthenticated administrative access to the Netmaker control plane. The vulnerability is exploitable remotely without credentials and grants complete control over virtual network configuration, peer management, and access policies.

Defensive priority

critical

Recommended defensive actions

• Upgrade Netmaker installations to version 0.8.5 or later (for 0.8.x track), 0.9.4 or later (for 0.9.x track), or 0.10.0/0.10.1 or later
• Audit access logs for unauthorized administrative actions between deployment date and patch application
• Rotate all Netmaker administrative credentials and API tokens following upgrade
• Verify cryptographic key configuration uses environment variables or secure key management rather than compiled values
• Review network segmentation to limit Netmaker server exposure to authorized administrative hosts only

Evidence notes

NVD CPE confirms vulnerable versions: all versions before 0.8.5, and 0.9.0 through 0.9.3. Huntr advisory documents exploitation path. GitHub commit 9bee126 provides patch verification.

Official resources