fkie_cve-2022-32290
Vulnerability from fkie_nvd
Published
2022-07-06 12:15
Modified
2024-11-21 07:06
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead of only the localhost interface. Therefore, any client on the same network can connect to this TCP port and send HTTP requests. The Mender Client will forward these requests to the Mender Server. Additionally, if mTLS is set up, the Mender Client will connect to the Mender Server using the device's client certificate, making it possible for the attacker to bypass mTLS authentication and send requests to the Mender Server without direct access to the client certificate and related private key. Accessing the HTTP proxy from the local network doesn't represent a direct threat, because it doesn't expose any device or server-specific data. However, it increases the attack surface and can be a potential vector to exploit other vulnerabilities both on the Client and the Server.
References
cve@mitre.orghttps://mender.io/blog/cve-2022-32290-mender-client-listening-on-all-the-interfacesVendor Advisory
cve@mitre.orghttps://northern.techVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://mender.io/blog/cve-2022-32290-mender-client-listening-on-all-the-interfacesVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://northern.techVendor Advisory
Impacted products
Vendor Product Version
northern.tech mender 3.2.0
northern.tech mender 3.2.1
northern.tech mender 3.2.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:northern.tech:mender:3.2.0:*:*:*:-:*:*:*",
              "matchCriteriaId": "7E2B5205-6FC8-400A-A8DE-837F70BF32A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:northern.tech:mender:3.2.1:*:*:*:-:*:*:*",
              "matchCriteriaId": "CE7227EA-E3FD-49CC-8456-FFFAF873298B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:northern.tech:mender:3.2.2:*:*:*:-:*:*:*",
              "matchCriteriaId": "3C4F33C7-2496-4EA2-A953-27198737906E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead of only the localhost interface. Therefore, any client on the same network can connect to this TCP port and send HTTP requests. The Mender Client will forward these requests to the Mender Server. Additionally, if mTLS is set up, the Mender Client will connect to the Mender Server using the device\u0027s client certificate, making it possible for the attacker to bypass mTLS authentication and send requests to the Mender Server without direct access to the client certificate and related private key. Accessing the HTTP proxy from the local network doesn\u0027t represent a direct threat, because it doesn\u0027t expose any device or server-specific data. However, it increases the attack surface and can be a potential vector to exploit other vulnerabilities both on the Client and the Server."
    },
    {
      "lang": "es",
      "value": "El cliente de Northern.tech Mender versiones 3.2.0, 3.2.1 y 3.2.2, presenta un Control de Acceso Incorrecto. Escucha en un puerto TCP aleatorio y no privilegiado y expone un proxy HTTP para facilitar las llamadas a la API desde componentes adicionales del cliente que se ejecutan en el dispositivo. Sin embargo, escucha en todas las interfaces de red en lugar de s\u00f3lo en la interfaz localhost. Por lo tanto, cualquier cliente en la misma red puede conectarse a este puerto TCP y enviar peticiones HTTP. El Cliente Mender reenviar\u00e1 estas peticiones al Servidor Mender. Adem\u00e1s, si mTLS est\u00e1 configurado, el Cliente Prestador ser\u00e1 conectado al Servidor Prestador usando el certificado de cliente del dispositivo, lo que hace posible a el atacante omitir la autenticaci\u00f3n mTLS y env\u00ede peticiones al Servidor Prestador sin acceso directo al certificado del cliente y a la clave privada relacionada. El acceso al proxy HTTP desde la red local no representa una amenaza directa, porque no expone ning\u00fan dato espec\u00edfico del dispositivo o del servidor. Sin embargo, aumenta la superficie de ataque y puede ser un vector potencial para explotar otras vulnerabilidades tanto en el Cliente como en el Servidor"
    }
  ],
  "id": "CVE-2022-32290",
  "lastModified": "2024-11-21T07:06:06.787",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-06T12:15:08.227",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mender.io/blog/cve-2022-32290-mender-client-listening-on-all-the-interfaces"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://northern.tech"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mender.io/blog/cve-2022-32290-mender-client-listening-on-all-the-interfaces"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://northern.tech"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.