AttackerKB AKB:9AE1A02C-AB77-47D3-925D-16F61A76B572
Mar 03, 2022 - 12:00 a.m.

CVE-2022-22947

2022-03-03 00:00:00
attackerkb.com
CVSS3: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.975 High
Percentile: 100.0%

In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.

Recent assessments:

egalinkin-r7 at June 02, 2022 6:29pm UTC reported:

CVE-2022-22947 is a remote code execution vulnerability in Spring Cloud Gateway that is currently being exploited in the wild. The vulnerable condition stems from Spring Expression Language (SpEL) expressions being passed to the StandardEvaluationContext context. This means that any valid SpEL expression passed to the context is executed.

Wyatt Dahlenberg provided a proof of concept exploit on his blog, which works on crafted vulnerable applications. In order to expose the interface, you need to modify the applications.properties file for an application using the Spring Cloud Gateway, suggesting that exposure of the vulnerable API is both non-standard and relatively uncommon.

Telemetry from Rapid7’s Project Heisenberg reveals a small number of exploit attempts (and scanners looking for vulnerable applications) over the last two months. This suggests that the scale of exploitation is low at this time.

Assessed Attacker Value: 3
Assessed Attacker Value: 5
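
The exposure condition described above (Gateway Actuator endpoint enabled and exposed, on a release older than 3.1.1 / 3.0.7) can be checked from an application's properties file. The following is an added example, not code from AttackerKB or the Spring project; the function names are hypothetical, the property keys are the standard Spring Boot actuator settings, and the defaults used when a key is absent are assumptions.

```python
import re

EXPOSE = "management.endpoints.web.exposure.include"
EXCLUDE = "management.endpoints.web.exposure.exclude"
ENABLED = "management.endpoint.gateway.enabled"

def parse_properties(text):
    """Parse simple key=value / key:value lines of a .properties file."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def _ids(value):
    return {v.strip().lower() for v in value.split(",") if v.strip()}

def gateway_actuator_exposed(props):
    """True when the gateway actuator endpoint is enabled and web-exposed."""
    if props.get(ENABLED, "true").lower() == "false":   # assumed default: enabled
        return False
    include = _ids(props.get(EXPOSE, "health"))          # assumed default: health only
    exclude = _ids(props.get(EXCLUDE, ""))
    if exclude & {"*", "gateway"}:                       # exclude wins over include
        return False
    return bool(include & {"*", "gateway"})

def is_patched(version):
    """Compare against the fixed releases named in the advisory: 3.0.7 and 3.1.1."""
    v = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    v += (0,) * (3 - len(v))
    return v >= (3, 0, 7) if v[:2] == (3, 0) else v >= (3, 1, 1)

def audit(properties_text, gateway_version):
    exposed = gateway_actuator_exposed(parse_properties(properties_text))
    patched = is_patched(gateway_version)
    # Whether the endpoint is also unsecured depends on the app's security
    # configuration, which a properties file alone does not show.
    return {"exposed": exposed, "patched": patched,
            "needs_action": exposed and not patched}

# Constructed sample input, not taken from any real application.
SAMPLE = """\
# application.properties
server.port=8080
management.endpoint.gateway.enabled=true
management.endpoints.web.exposure.include=health,gateway
"""

if __name__ == "__main__":
    print(audit(SAMPLE, "3.1.0"))
```

A `needs_action` result means the endpoint should be removed from the exposure list or placed behind authentication until the gateway is upgraded.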
