CVE-2022-32290
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead of only the localhost interface. Therefore, any client on the same network can connect to this TCP port and send HTTP requests. The Mender Client will forward these requests to the Mender Server. Additionally, if mTLS is set up, the Mender Client will connect to the Mender Server using the device's client certificate, making it possible for the attacker to bypass mTLS authentication and send requests to the Mender Server without direct access to the client certificate and related private key. Accessing the HTTP proxy from the local network doesn't represent a direct threat, because it doesn't expose any device or server-specific data. However, it increases the attack surface and can be a potential vector to exploit other vulnerabilities both on the Client and the Server.
El cliente de Northern.tech Mender versiones 3.2.0, 3.2.1 y 3.2.2, presenta un Control de Acceso Incorrecto. Escucha en un puerto TCP aleatorio y no privilegiado y expone un proxy HTTP para facilitar las llamadas a la API desde componentes adicionales del cliente que se ejecutan en el dispositivo. Sin embargo, escucha en todas las interfaces de red en lugar de sólo en la interfaz localhost. Por lo tanto, cualquier cliente en la misma red puede conectarse a este puerto TCP y enviar peticiones HTTP. El Cliente Mender reenviará estas peticiones al Servidor Mender. Además, si mTLS está configurado, el Cliente Prestador será conectado al Servidor Prestador usando el certificado de cliente del dispositivo, lo que hace posible a el atacante omitir la autenticación mTLS y envíe peticiones al Servidor Prestador sin acceso directo al certificado del cliente y a la clave privada relacionada. El acceso al proxy HTTP desde la red local no representa una amenaza directa, porque no expone ningún dato específico del dispositivo o del servidor. Sin embargo, aumenta la superficie de ataque y puede ser un vector potencial para explotar otras vulnerabilidades tanto en el Cliente como en el Servidor
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-06-05 CVE Reserved
- 2022-07-06 CVE Published
- 2024-01-27 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://mender.io/blog/cve-2022-32290-mender-client-listening-on-all-the-interfaces | 2022-07-14 | |
| https://northern.tech | 2022-07-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Northern.tech Search vendor "Northern.tech" | Mender Search vendor "Northern.tech" for product "Mender" | 3.2.0 Search vendor "Northern.tech" for product "Mender" and version "3.2.0" | - |
Affected
| ||||||
| Northern.tech Search vendor "Northern.tech" | Mender Search vendor "Northern.tech" for product "Mender" | 3.2.1 Search vendor "Northern.tech" for product "Mender" and version "3.2.1" | - |
Affected
| ||||||
| Northern.tech Search vendor "Northern.tech" | Mender Search vendor "Northern.tech" for product "Mender" | 3.2.2 Search vendor "Northern.tech" for product "Mender" and version "3.2.2" | - |
Affected
| ||||||