WISPr HTTP Query Vulnerability in ConnMan by The ConnMan Project
CVE-2022-32293

8.1HIGH

Key Information:

Vendor
Intel
Status
Connman
Vendor
CVE Published:
3 August 2022

Summary

A serious vulnerability exists in ConnMan versions up to 1.41, where a man-in-the-middle attack targeting a WISPR HTTP query can exploit a use-after-free condition in the WISPR handling mechanism. This flaw allows an attacker to potentially crash the application or execute arbitrary code, posing significant risks to systems utilizing ConnMan for network management.

References

https://bugzilla.suse.com/show_bug.cgi?id=1200190
https://lore.kernel.org/connman/20220801080043.4861-3-wag...
https://lore.kernel.org/connman/20220801080043.4861-1-wag...

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.