CVE-2022-42183

9.1 CRITICAL

📋 TL;DR

CVE-2022-42183 is a Server-Side Request Forgery (SSRF) vulnerability in Precisely Spectrum Spatial Analyst 20.01 that allows attackers to make unauthorized requests from the vulnerable server to internal or external systems. This affects organizations using the vulnerable version of this geospatial analytics software. Attackers could potentially access internal services, perform port scanning, or interact with cloud metadata services.

💻 Affected Systems

Products:
  • Precisely Spectrum Spatial Analyst
Versions: 20.01
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of version 20.01 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of internal network resources, data exfiltration from internal services, cloud metadata exploitation leading to cloud environment takeover, and lateral movement to other systems.

🟠 Likely Case: Unauthorized access to internal HTTP services, port scanning of internal networks, and potential data leakage from internal APIs or services.

🟢 If Mitigated: Limited to port scanning or failed connection attempts if proper network segmentation and egress filtering are implemented.

🌐 Internet-Facing: HIGH - Internet-facing instances can be directly exploited by external attackers without network access.
🏢 Internal Only: MEDIUM - Requires initial access to internal network but could lead to significant lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SSRF vulnerabilities are commonly exploited and public advisories provide technical details that facilitate exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 20.01 with Service Pack S56 or later

Vendor Advisory: https://docs.precisely.com/docs/sftw/spectrum/release-notes/spectrum-2020-1-S56-release-notes.pdf

Restart Required: Yes

Instructions:

1. Download Service Pack S56 from the Precisely support portal.
2. Back up the current installation.
3. Apply the service pack following the vendor instructions.
4. Restart the Spectrum Spatial Analyst service.
5. Verify the patch is applied by checking the version.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Restrict outbound network access from Spectrum Spatial Analyst servers to only required destinations.

Input Validation (applies to: all)

Implement strict input validation on all user-supplied URLs and endpoints.
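The validation the workaround calls for is easiest to get right as an allowlist: accept only expected schemes and hosts, and reject any host that resolves to loopback, private, or link-local space (which is where 169.254.169.254 lives). The following is an added example written for this advisory, not Precisely's code, and it assumes nothing about how Spectrum Spatial Analyst handles URLs internally; the allowed host set and the static DNS table are constructed so it runs offline.

```python
"""Allowlist-based validation of a user-supplied URL before a server-side fetch.

Added example for the "Input Validation" workaround; it is not Precisely's code
and assumes nothing about Spectrum Spatial Analyst's internals. The allowed
host set and the static DNS table are constructed for illustration.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Hosts the server is legitimately expected to fetch from (constructed values).
ALLOWED_HOSTS = {"tiles.example.com", "geocode.example.com"}

# Constructed DNS table so the example runs offline; geocode.example.com is
# deliberately pointed at an internal address to exercise the resolved-IP check.
DEMO_DNS = {
    "tiles.example.com": ["93.184.216.34"],
    "geocode.example.com": ["10.0.0.5"],
}


def is_disallowed_ip(ip: str) -> bool:
    """True for addresses a server-side fetch must never reach: loopback,
    private (RFC 1918 / ULA), link-local (which includes 169.254.169.254),
    unspecified, reserved and multicast ranges. IPv4-mapped IPv6 addresses
    are unwrapped first so ::ffff:10.0.0.1 is treated as 10.0.0.1."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (not addr.is_global) or addr.is_multicast


def system_resolver(host: str) -> list[str]:
    """Resolve a hostname with the system resolver (used when no table is given)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def demo_resolver(host: str) -> list[str]:
    """Offline resolver backed by the constructed DEMO_DNS table."""
    return DEMO_DNS.get(host, [])


def validate_fetch_url(url: str, resolver=system_resolver) -> str:
    """Return url if it is acceptable for a server-side fetch, else raise ValueError.

    Checks, in order: scheme allowlist, no embedded credentials, explicit host
    allowlist, and that every address the host resolves to is public. The last
    check catches an allowlisted name that has been pointed at an internal host.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials embedded in URL")
    host = parts.hostname  # already lower-cased; IPv6 brackets stripped
    if not host:
        raise ValueError("URL has no host")
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"host not on allowlist: {host!r}")
    addresses = resolver(host)
    if not addresses:
        raise ValueError(f"{host} did not resolve")
    for ip in addresses:
        if is_disallowed_ip(ip):
            raise ValueError(f"{host} resolves to non-public address {ip}")
    return url


def is_safe_fetch_url(url: str, resolver=system_resolver) -> bool:
    """Boolean wrapper around validate_fetch_url for callers that only need a verdict."""
    try:
        validate_fetch_url(url, resolver)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for candidate in [
        "https://tiles.example.com/osm/12/2048/1360.png",
        "https://geocode.example.com/v1/lookup?q=Berlin",
        "http://169.254.169.254/",
        "http://127.0.0.1:8080/",
        "file:///etc/hosts",
    ]:
        try:
            validate_fetch_url(candidate, demo_resolver)
            print("allow ", candidate)
        except ValueError as err:
            print("reject", candidate, "->", err)
```

Two caveats when wiring this into a real fetch: connect to the address that was checked rather than letting the HTTP client resolve the name again (a second lookup can return a different answer), and apply the same validation to every redirect target, since a redirect from an allowlisted host is otherwise an easy way around the allowlist.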

🧯 If You Can't Patch

  • Implement strict network egress filtering to prevent the server from making requests to internal or unauthorized external systems.
  • Deploy a web application firewall (WAF) with SSRF protection rules to block malicious requests.

🔍 How to Verify

Check if Vulnerable:

Check if Spectrum Spatial Analyst version is 20.01 without Service Pack S56 applied.

Check Version:

Check application version through administrative interface or installation directory version files.

Verify Fix Applied:

Verify that Service Pack S56 or later is installed and the version shows as patched.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from Spectrum server
  • Requests to internal IP addresses or cloud metadata endpoints
  • Failed connection attempts to unusual ports

Network Indicators:

  • HTTP traffic from Spectrum server to internal network segments
  • Requests to 169.254.169.254 (AWS metadata) or similar cloud endpoints
  • Port scanning patterns from the server

SIEM Query (pseudo-query; `source` and `PRIVATE_IP_RANGE` are placeholders for your log source name and your internal address ranges):

source="spectrum_server" AND (dest_ip=PRIVATE_IP_RANGE OR dest_ip=169.254.169.254 OR dest_port>1024)
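The same indicators can be checked outside a SIEM by running a short script over egress-proxy or firewall logs from the Spectrum hosts. The script below is an added example, not Precisely's code and not a vendor log format: the key=value line format, the server address and the sample lines are all constructed. It flags requests to 169.254.169.254, requests to private or link-local destinations, and one source touching many distinct ports on one host, which is the port-scan pattern the indicator list describes; it uses a distinct-port count rather than the raw `dest_port>1024` test from the query sketch, because legitimate HTTP services on high ports would otherwise fire constantly.

```python
"""Flag outbound requests from a Spectrum Spatial Analyst server that match the
indicators listed above: destinations in private / link-local space, the cloud
metadata address 169.254.169.254, and many distinct ports on one host.

Added example, not Precisely's code and not a vendor log format: the key=value
egress-proxy log format, the server address and the sample lines are constructed.
"""
import ipaddress
from collections import Counter, defaultdict

# Addresses of the Spectrum Spatial Analyst hosts being watched (constructed).
SPECTRUM_SERVERS = {"10.20.30.40"}
METADATA_ENDPOINT = "169.254.169.254"
PORT_SCAN_THRESHOLD = 3  # distinct destination ports on one host

# Constructed egress-proxy log: one request per line, key=value fields.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=10.20.30.40 dst=93.184.216.34 dport=443 method=GET url=https://tiles.example.com/12/2048/1360.png status=200
2024-05-01T10:00:05Z src=10.20.30.40 dst=169.254.169.254 dport=80 method=GET url=http://169.254.169.254/ status=200
2024-05-01T10:00:07Z src=10.20.30.40 dst=10.0.0.5 dport=8080 method=GET url=http://10.0.0.5:8080/ status=403
2024-05-01T10:00:08Z src=10.20.30.40 dst=10.0.0.5 dport=22 method=GET url=http://10.0.0.5:22/ status=000
2024-05-01T10:00:09Z src=10.20.30.40 dst=10.0.0.5 dport=3306 method=GET url=http://10.0.0.5:3306/ status=000
2024-05-01T10:00:10Z src=10.20.30.40 dst=10.0.0.5 dport=6379 method=GET url=http://10.0.0.5:6379/ status=000
2024-05-01T10:00:12Z src=10.20.30.99 dst=10.0.0.5 dport=8080 method=GET url=http://10.0.0.5:8080/ status=200
"""


def parse_line(line: str) -> dict:
    """Split 'TIMESTAMP k=v k=v ...' into a dict; the timestamp is stored under 'ts'."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    fields["ts"] = ts
    return fields


def is_internal(ip: str) -> bool:
    """Private, loopback, link-local, reserved or otherwise non-routable destination."""
    return not ipaddress.ip_address(ip).is_global


def analyze(log_text: str) -> list[dict]:
    """Return one finding per matched indicator, in log order, followed by any
    port-scan findings aggregated per (source, destination) pair."""
    findings = []
    ports_seen = defaultdict(set)  # (src, dst) -> {dport, ...}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec["src"] not in SPECTRUM_SERVERS:
            continue  # only traffic originating from the Spectrum hosts matters here
        ports_seen[(rec["src"], rec["dst"])].add(rec["dport"])
        if rec["dst"] == METADATA_ENDPOINT:
            rule = "metadata-endpoint"
        elif is_internal(rec["dst"]):
            rule = "internal-destination"
        else:
            continue  # public destination: normal for a tile or geocoding fetch
        findings.append({"rule": rule, "ts": rec["ts"], "src": rec["src"],
                         "dst": rec["dst"], "dport": rec["dport"], "url": rec["url"]})
    for (src, dst), ports in ports_seen.items():
        if len(ports) >= PORT_SCAN_THRESHOLD:
            findings.append({"rule": "port-scan", "src": src, "dst": dst,
                             "ports": sorted(ports, key=int)})
    return findings


def summarize(findings: list[dict]) -> dict:
    """Count findings per rule, e.g. {'internal-destination': 4, ...}."""
    return dict(Counter(f["rule"] for f in findings))


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
    print(summarize(analyze(SAMPLE_LOG)))
```

On the constructed log this reports one metadata-endpoint hit, four internal-destination hits and one port-scan finding for 10.0.0.5; the request from 10.20.30.99 is ignored because that host is not in the watched set. Tune `PORT_SCAN_THRESHOLD` and the server set to your environment, and expect some internal-destination hits to be legitimate if Spectrum is configured to talk to internal data sources, in which case those destinations belong on an exclusion list rather than in the alert.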
