CVE-2022-32290

{"id": "CVE-2022-32290", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-07-06T12:15:08.227", "references": [{"url": "https://mender.io/blog/cve-2022-32290-mender-client-listening-on-all-the-interfaces", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://northern.tech", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead of only the localhost interface. Therefore, any client on the same network can connect to this TCP port and send HTTP requests. The Mender Client will forward these requests to the Mender Server. Additionally, if mTLS is set up, the Mender Client will connect to the Mender Server using the device's client certificate, making it possible for the attacker to bypass mTLS authentication and send requests to the Mender Server without direct access to the client certificate and related private key. Accessing the HTTP proxy from the local network doesn't represent a direct threat, because it doesn't expose any device or server-specific data. However, it increases the attack surface and can be a potential vector to exploit other vulnerabilities both on the Client and the Server."}, {"lang": "es", "value": "El cliente de Northern.tech Mender versiones 3.2.0, 3.2.1 y 3.2.2, presenta un Control de Acceso Incorrecto. Escucha en un puerto TCP aleatorio y no privilegiado y expone un proxy HTTP para facilitar las llamadas a la API desde componentes adicionales del cliente que se ejecutan en el dispositivo. Sin embargo, escucha en todas las interfaces de red en lugar de s\u00f3lo en la interfaz localhost. Por lo tanto, cualquier cliente en la misma red puede conectarse a este puerto TCP y enviar peticiones HTTP. El Cliente Mender reenviar\u00e1 estas peticiones al Servidor Mender. Adem\u00e1s, si mTLS est\u00e1 configurado, el Cliente Prestador ser\u00e1 conectado al Servidor Prestador usando el certificado de cliente del dispositivo, lo que hace posible a el atacante omitir la autenticaci\u00f3n mTLS y env\u00ede peticiones al Servidor Prestador sin acceso directo al certificado del cliente y a la clave privada relacionada. El acceso al proxy HTTP desde la red local no representa una amenaza directa, porque no expone ning\u00fan dato espec\u00edfico del dispositivo o del servidor. Sin embargo, aumenta la superficie de ataque y puede ser un vector potencial para explotar otras vulnerabilidades tanto en el Cliente como en el Servidor"}], "lastModified": "2022-07-14T21:50:17.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:northern.tech:mender:3.2.0:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "7E2B5205-6FC8-400A-A8DE-837F70BF32A3"}, {"criteria": "cpe:2.3:a:northern.tech:mender:3.2.1:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "CE7227EA-E3FD-49CC-8456-FFFAF873298B"}, {"criteria": "cpe:2.3:a:northern.tech:mender:3.2.2:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "3C4F33C7-2496-4EA2-A953-27198737906E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}