← volver
CVE-2022-22947

CVE-2022-22947

CVSS 10 CRITICALEPSS 98.3%● KEVCWE-94
En resumen

Spring Cloud Gateway permite que atacantes ejecuten código arbitrario en el servidor si el endpoint Actuator está expuesto sin protección adecuada. Una solicitud especialmente elaborada puede permitir la ejecución remota de comandos.

Detalle técnico

Vulnerabilidad de inyección de código (CWE-94) en el endpoint Actuator de Spring Cloud Gateway permite ejecución remota de código cuando el endpoint está expuesto sin autenticación. Precondición: Actuator debe estar habilitado y accesible públicamente. El vector de ataque implica enviar payloads maliciosos a través de la interfaz Actuator, resultando en ejecución arbitraria de comandos en el host.

Resumen generado y traducido por IA a partir de la descripción oficial.
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Productos afectados
n/a · Spring Cloud Gateway
PoCs públicas encontradas64
githubgithub.com/lucksec/Spring-Cloud-Gateway-CVE-2022-22947223githubgithub.com/whwlsfb/cve-2022-22947-godzilla-memshell211githubgithub.com/SecNN/CVE-2022-22947_Rce_Exp77githubgithub.com/tangxiaofeng7/CVE-2022-22947-Spring-Cloud-Gateway71githubgithub.com/0730Nophone/CVE-2022-22947-60githubgithub.com/crowsec-edtech/CVE-2022-2294738githubgithub.com/0x7eTeam/CVE-2022-2294736githubgithub.com/Zh0um1/CVE-2022-2294728githubgithub.com/Tas9er/SpringCloudGatewayRCE28githubgithub.com/Enokiy/cve-2022-22947-spring-cloud-gateway18githubgithub.com/viemsr/spring_cloud_gateway_memshell18githubgithub.com/B0rn2d/Spring-Cloud-Gateway-Nacos16githubgithub.com/MoCh3n/CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE14githubgithub.com/4nNns/CVE-2022-2294712githubgithub.com/k3rwin/spring-cloud-gateway-rce12githubgithub.com/Wrin9/CVE-2022-2294711githubgithub.com/twseptian/cve-2022-2294711githubgithub.com/Vulnmachines/spring-cve-2022-2294710githubgithub.com/dingxiao77/-cve-2022-22947-9githubgithub.com/SiJiDo/CVE-2022-229479githubgithub.com/hunzi0/CVE-2022-22947-Rce_POC7githubgithub.com/anansec/CVE-2022-22947_EXP7githubgithub.com/mrknow001/CVE-2022-229477githubgithub.com/YutuSec/SpEL6githubgithub.com/darkb1rd/cve-2022-229476githubgithub.com/Greetdawn/CVE-2022-229475githubgithub.com/Arrnitage/CVE-2022-22947_exp5githubgithub.com/sagaryadav8742/springcloudRCE4githubgithub.com/LY613313/CVE-2022-229473githubgithub.com/stayfoolish777/CVE-2022-22947-POC3githubgithub.com/nu0l/cve-2022-229473githubgithub.com/Le1a/CVE-2022-229472githubgithub.com/22ke/CVE-2022-229472githubgithub.com/dbgee/CVE-2022-229472githubgithub.com/Vancomycin-g/CVE-2022-229472githubgithub.com/kkx600/Burp_VulPscan2githubgithub.com/Wrong-pixel/CVE-2022-22947-exp1githubgithub.com/kmahyyg/CVE-2022-229471githubgithub.com/Jun-5heng/CVE-2022-229471githubgithub.com/qq87234770/CVE-2022-229471githubgithub.com/bysinks/CVE-2022-229471githubgithub.com/Nathaniel1025/CVE-2022-229471githubgithub.com/talentsec/Spring-Cloud-Gateway-CVE-2022-229471githubgithub.com/Sumitpathania03/CVE-2022-229470githubgithub.com/scopion/cve-2022-229470githubgithub.com/Summer177/Spring-Cloud-Gateway-CVE-2022-229470githubgithub.com/BerMalBerIst/CVE-2022-229470githubgithub.com/flying0er/CVE-2022-22947-goby0githubgithub.com/nanaao/CVE-2022-22947-POC0githubgithub.com/PaoPaoLong-lab/Spring-CVE-2022-22947-0githubgithub.com/hh-hunter/cve-2022-22947-docker0githubgithub.com/scopion/CVE-2022-22947-exp0githubgithub.com/fbion/CVE-2022-229470githubgithub.com/aesm1p/CVE-2022-22947-POC-Reproduce0githubgithub.com/SanderSchepers1993/CyberSec20260githubgithub.com/ciri3/spring-cloud-gateway-cve-2022-22947-report0githubgithub.com/entr0pie/demo-cve-2022-229470githubgithub.com/superneilcn/SpringExploitGUI0githubgithub.com/cc3305/CVE-2022-229470githubgithub.com/skysliently/CVE-2022-22947-pb-ai0githubgithub.com/shoucheng3/spring-cloud__spring-cloud-gateway_CVE-2022-22947_3-0-60cve_referencepacketstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.htmlno verificadocve_referencepacketstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.htmlno verificadoexploitdbwww.exploit-db.com/exploits/50799no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.htmlhttps://tanzu.vmware.com/security/cve-2022-22947https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22947https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.html