// For flags

CVE-2022-32290

 

Severity Score

4.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead of only the localhost interface. Therefore, any client on the same network can connect to this TCP port and send HTTP requests. The Mender Client will forward these requests to the Mender Server. Additionally, if mTLS is set up, the Mender Client will connect to the Mender Server using the device's client certificate, making it possible for the attacker to bypass mTLS authentication and send requests to the Mender Server without direct access to the client certificate and related private key. Accessing the HTTP proxy from the local network doesn't represent a direct threat, because it doesn't expose any device or server-specific data. However, it increases the attack surface and can be a potential vector to exploit other vulnerabilities both on the Client and the Server.

El cliente de Northern.tech Mender versiones 3.2.0, 3.2.1 y 3.2.2, presenta un Control de Acceso Incorrecto. Escucha en un puerto TCP aleatorio y no privilegiado y expone un proxy HTTP para facilitar las llamadas a la API desde componentes adicionales del cliente que se ejecutan en el dispositivo. Sin embargo, escucha en todas las interfaces de red en lugar de sólo en la interfaz localhost. Por lo tanto, cualquier cliente en la misma red puede conectarse a este puerto TCP y enviar peticiones HTTP. El Cliente Mender reenviará estas peticiones al Servidor Mender. Además, si mTLS está configurado, el Cliente Prestador será conectado al Servidor Prestador usando el certificado de cliente del dispositivo, lo que hace posible a el atacante omitir la autenticación mTLS y envíe peticiones al Servidor Prestador sin acceso directo al certificado del cliente y a la clave privada relacionada. El acceso al proxy HTTP desde la red local no representa una amenaza directa, porque no expone ningún dato específico del dispositivo o del servidor. Sin embargo, aumenta la superficie de ataque y puede ser un vector potencial para explotar otras vulnerabilidades tanto en el Cliente como en el Servidor

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Attack Vector
Adjacent
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-06-05 CVE Reserved
  • 2022-07-06 CVE Published
  • 2024-01-27 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-863: Incorrect Authorization
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Northern.tech
Search vendor "Northern.tech"
Mender
Search vendor "Northern.tech" for product "Mender"
3.2.0
Search vendor "Northern.tech" for product "Mender" and version "3.2.0"
-
Affected
Northern.tech
Search vendor "Northern.tech"
Mender
Search vendor "Northern.tech" for product "Mender"
3.2.1
Search vendor "Northern.tech" for product "Mender" and version "3.2.1"
-
Affected
Northern.tech
Search vendor "Northern.tech"
Mender
Search vendor "Northern.tech" for product "Mender"
3.2.2
Search vendor "Northern.tech" for product "Mender" and version "3.2.2"
-
Affected