CVE-2022-32290
CVE-2022-32290 is a medium-severity vulnerability in Northern.tech Mender with a CVSS 3.x base score of 4.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-863.
Key facts
- Severity: Medium (CVSS 3.x base score 4.3)
- CVSS v2: 3.3
- EPSS exploit prediction: 0% (13th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-863
- Affected product: Northern.tech Mender
- Published:
- Last modified:
Description
The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead of only the localhost interface. Therefore, any client on the same network can connect to this TCP port and send HTTP requests. The Mender Client will forward these requests to the Mender Server. Additionally, if mTLS is set up, the Mender Client will connect to the Mender Server using the device's client certificate, making it possible for the attacker to bypass mTLS authentication and send requests to the Mender Server without direct access to the client certificate and related private key. Accessing the HTTP proxy from the local network doesn't represent a direct threat, because it doesn't expose any device or server-specific data. However, it increases the attack surface and can be a potential vector to exploit other vulnerabilities both on the Client and the Server.
Frequently asked questions
- What is CVE-2022-32290?
- The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead of only the localhost interface. Therefore, any client on the same network can connect to this TCP port and send HTTP requests. The Mender Client will forward these requests to the Mender Server. Additionally, if mTLS is set up, the Mender Client will connect to the Mender Server using the device's client certificate, making it possible for the attacker to bypass mTLS authentication and send requests to the Mender Server without direct access to the client certificate and related private key. Accessing the HTTP proxy from the local network doesn't represent a direct threat, because it doesn't expose any device or server-specific data. However, it increases the attack surface and can be a potential vector to exploit other vulnerabilities both on the Client and the Server.
- How severe is CVE-2022-32290?
- CVE-2022-32290 has a CVSS 3.x base score of 4.3, rated medium severity. It is exploitable over an adjacent network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity low, and availability none.
- Is CVE-2022-32290 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (13th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-32290?
- CVE-2022-32290 primarily affects Northern.tech Mender. In total, 3 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2022-32290?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2022-32290 published?
- CVE-2022-32290 was published on 2022-07-06 and last updated on 2026-06-17.
References
- https://mender.io/blog/cve-2022-32290-mender-client-listening-on-all-the-interfaces
- https://northern.tech
Affected products (3)
- cpe:2.3:a:northern.tech:mender:3.2.0:*:*:*:-:*:*:*
- cpe:2.3:a:northern.tech:mender:3.2.1:*:*:*:-:*:*:*
- cpe:2.3:a:northern.tech:mender:3.2.2:*:*:*:-:*:*:*
More vulnerabilities in Northern.tech Mender
- CVE-2022-29556 — Critical (CVSS 9.8): The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT…
- CVE-2022-29555 — High (CVSS 8.8): The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin…
- CVE-2024-46948 — Medium (CVSS 4.3): Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control.
All CVEs affecting Northern.tech Mender →
Other CWE-863 (Incorrect Authorization) vulnerabilities
- CVE-2026-48286 — Critical (CVSS 10.0): Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization…
- CVE-2026-48303 — Critical (CVSS 10.0): Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization…
- CVE-2026-44330 — Critical (CVSS 10.0): free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the…
- CVE-2026-46595 — Critical (CVSS 10.0): Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of…
- CVE-2026-33105 — Critical (CVSS 10.0): Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over…
- CVE-2026-32213 — Critical (CVSS 10.0): Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.
Browse all CWE-863 (Incorrect Authorization) vulnerabilities →