10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
100.0%
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
Recent assessments:
egalinkin-r7 at June 02, 2022 6:29pm UTC reported:
CVE-2022-22947 is a remote code execution vulnerability in Spring Cloud Gateway that is currently being exploited in the wild. The vulnerable condition stems from Spring Expression Language (SpEL) expressions being passed to the StandardEvaluationContext context. This means that any valid SpEL expression passed to the context is executed.
Wyatt Dahlenberg provided a proof of concept exploit on his blog, which works on crafted vulnerable applications. In order to expose the interface, you need to modify the applications.properties file for an application using the Spring Cloud Gateway, suggesting that exposure of the vulnerable API is both non-standard and relatively uncommon.
Telemetry from Rapid7’s Project Heisenberg reveals a small number of exploit attempts (and scanners looking for vulnerable applications) over the last two months. This suggests that the scale of exploitation is low at this time.
Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 5
packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html
packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22947
tanzu.vmware.com/security/cve-2022-22947
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujul2022.html
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.975 High
EPSS
Percentile
100.0%