CVE-2022-38870
Published 2022-10-25
CVE-2022-38870: Free5gc v3.2.1 is vulnerable to Information disclosure.
Priority P3 · 49 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 2.86% (85.0th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| free5gc | free5gc | — | — |
Detection & IOCs (extracted from sources)
- Detect unauthenticated GET requests to /api/subscriber with a static 'Token: admin' header returning HTTP 200 with JSON body containing 'plmnID' and 'ueId' fields — indicative of CVE-2022-38870 exploitation against Free5gc 3.2.1.
- Response body match: look for both '"plmnID":' and '"ueId":' in a JSON response from /api/subscriber to confirm successful information disclosure.
- Response Content-Type header 'application/json' combined with HTTP 200 status on /api/subscriber confirms the endpoint is exposing subscriber data.
- Use Shodan queries 'http.title:"free5GC Web Console"' or 'http.title:"free5gc web console"' to identify internet-exposed Free5gc instances potentially vulnerable to this CVE.
- Use FOFA query 'title="free5gc web console"' or Google dork 'intitle:"free5gc web console"' to identify exposed Free5gc web consoles.
- The vulnerability is classified as CWE-306 (Missing Authentication for Critical Function), meaning the /api/subscriber endpoint requires no valid credentials beyond a static hardcoded 'Token: admin' header value.
- This CVE affects specifically Free5gc version 3.2.1; the vulnerable endpoint is /api/subscriber accessible via the web console interface.
No detection rules found.
Nuclei
Free5gc 3.2.1 - Information Disclosure
nuclei·CVSS 7.5
CVE-2022-38870 [HIGH] Free5gc 3.2.1 - Information Disclosure
Free5gc 3.2.1 is susceptible to information disclosure. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
Template:
```yaml
id: CVE-2022-38870

info:
  name: Free5gc 3.2.1 - Information Disclosure
  author: For3stCo1d
  severity: high
  description: |
    Free5gc 3.2.1 is susceptible to information disclosure. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    Successful exploitation of this vulnerability could result in unauthorized access to sensitive information.
  remediation: |
    Apply the latest patch or upgrade to a patched version of Free5gc 3.2.1 to mitigate the vulnerability.
  reference:
    - https://github.com/free5gc/free5gc/issues/387
    - htt
```
No writeups or analysis indexed.
2022-10-25: Published