CVE-2022-47872

8.8 HIGH

📋 TL;DR

This Server-Side Request Forgery (SSRF) vulnerability in maccms10 allows attackers to make the application send arbitrary HTTP requests to internal or external systems by injecting malicious payloads into the Name parameter. Attackers can potentially access internal services, perform port scanning, or interact with cloud metadata services. All users running vulnerable versions of maccms10 are affected.

💻 Affected Systems

Products:
  • maccms10
Versions: v2021.1000.2000
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the Interface address module's Name parameter handling.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access sensitive internal services, interact with cloud metadata APIs to obtain credentials, perform lateral movement within the network, or use the vulnerable server as a proxy for attacks against other systems.

🟠 Likely Case

Attackers would typically scan internal networks, access internal web applications, or interact with cloud metadata services to gather information about the infrastructure.

🟢 If Mitigated

With proper network segmentation and egress filtering, the impact would be limited to the local server environment with minimal data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept code is available on GitHub, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

No official patch is available. Consider upgrading to a newer version if available, or implement workarounds and monitoring.

🔧 Temporary Workarounds

Input Validation and Sanitization (platform: all)

Implement strict input validation for the Name parameter so that URLs and special characters are rejected.

Modify the application code to validate Name parameter input before it is used.

Network Egress Filtering (platform: linux)

Restrict outbound connections from the application server to only the destinations it needs. The two rules below drop all outbound HTTP and HTTPS from the host; because iptables evaluates the OUTPUT chain in order, append ACCEPT rules for the destinations the application legitimately requires before adding them, and note that an SSRF target listening on another port is not covered by these two rules alone.

iptables -A OUTPUT -p tcp --dport 80 -j DROP
iptables -A OUTPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) rules to block SSRF patterns in requests
  • Isolate the vulnerable system in a restricted network segment with limited outbound access

🔍 How to Verify

Check if Vulnerable:

Test by sending a crafted payload to the Interface address module's Name parameter and observing whether the server makes an outbound request in response.

Check Version:

Check maccms10 version in admin panel or configuration files

Verify Fix Applied:

Send the same payload after implementing the fixes and confirm that no outbound request is made.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from the application server
  • Requests to internal IP addresses or cloud metadata endpoints

Network Indicators:

  • HTTP traffic from application server to unexpected destinations
  • Port scanning patterns originating from the server

SIEM Query:

source_ip="application_server_ip" AND (dest_ip="169.254.169.254" OR dest_port IN (80, 443, 8080))
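As an added example that is not part of this advisory, the following Python detection logic applies the log and network indicators above to constructed egress log lines, flagging only connections from the application server to cloud-metadata, loopback, link-local or private addresses, which is narrower than the port-based SIEM query. The log format, the application server address 10.0.3.15 and every sample line are constructed assumptions; the same classify_destination check can be applied to the resolved host of a Name parameter value before the application fetches it.

```python
import ipaddress
import re
from typing import Optional

# Constructed sample egress log lines (not from the advisory): forward-proxy style
# records of connections leaving the maccms10 host, assumed to be 10.0.3.15.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=10.0.3.15 dst=93.184.216.34 dport=443 uri=https://cdn.example.com/assets.js
2024-05-01T10:00:02Z src=10.0.3.15 dst=169.254.169.254 dport=80 uri=http://169.254.169.254/latest/meta-data/
2024-05-01T10:00:03Z src=10.0.3.15 dst=10.0.3.20 dport=8080 uri=http://10.0.3.20:8080/admin
2024-05-01T10:00:04Z src=10.0.3.15 dst=127.0.0.1 dport=6379 uri=http://127.0.0.1:6379/
2024-05-01T10:00:05Z src=10.0.3.99 dst=169.254.169.254 dport=80 uri=http://169.254.169.254/
"""

LINE_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) uri=(?P<uri>\S+)")
METADATA_IP = ipaddress.ip_address("169.254.169.254")


def classify_destination(dst: str) -> Optional[str]:
    """Return why a destination is suspicious for an app server, or None if it looks ordinary."""
    ip = ipaddress.ip_address(dst)
    if ip == METADATA_IP:          # cloud instance metadata service (AWS, GCP, Azure, ...)
        return "cloud-metadata"
    if ip.is_loopback:             # services bound to localhost on the server itself
        return "loopback"
    if ip.is_link_local:           # other link-local targets (169.254.0.0/16)
        return "link-local"
    if ip.is_private:              # RFC 1918 and other non-global ranges: internal network
        return "private-range"
    return None


def find_ssrf_indicators(log_text: str, app_server_ip: str) -> list[dict]:
    """Flag outbound connections from the application server to internal or metadata addresses.

    Unlike a blanket 'dport IN (80, 443, 8080)' match, this keys on where the traffic goes,
    so ordinary CDN or update traffic on 80/443 is not reported."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["src"] != app_server_ip:
            continue
        reason = classify_destination(m["dst"])
        if reason:
            hits.append({"dst": m["dst"], "dport": int(m["dport"]), "uri": m["uri"], "reason": reason})
    return hits


if __name__ == "__main__":
    for hit in find_ssrf_indicators(SAMPLE_LOG, "10.0.3.15"):
        print(f"ALERT {hit['reason']:>14}: {hit['dst']}:{hit['dport']} {hit['uri']}")
```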
