Cyber Resilience

CVE-2022-32293
Severity: High
Published: 03 August 2022
Modified: 21 November 2024
KEV Added: not listed
Patch: available (see Deeper analysis)
CVSS Score v3.1: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0041 (62.1st percentile)
Risk Priority: 16 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-32293 is a high-severity Use After Free (CWE-416) vulnerability in Intel's ConnMan. Its CVSS v3.1 base score is 8.1 (High).

Operationally, it ranks in the top 37.9% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

Deeper analysis

ConnMan through version 1.41 contains a use-after-free vulnerability (CWE-416) in its WISPR (Wireless Internet Service Provider roaming) HTTP query handling. The flaw resides in the connection manager component that processes WISPR roaming requests and can be triggered when an attacker intercepts the associated HTTP traffic.

An unauthenticated network adversary positioned to perform a man-in-the-middle attack against a WISPR query can induce the use-after-free condition. Successful exploitation may result in a crash or arbitrary code execution, although the CVSS vector rates attack complexity as high.

Upstream patches addressing the WISPR handling flaw were posted to the ConnMan mailing list in August 2022. Distribution vendors subsequently issued updates, including Debian DSA-5231 and Gentoo GLSA-202310-21, advising administrators to upgrade to fixed ConnMan releases.

EPSS for the CVE rose from a low baseline to a peak of 0.0527 on 2025-01-22 before receding, indicating a period of increased exploitation interest well after the original 2022 disclosure.

Vulnerability details

In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.

CWE(s): CWE-416 (Use After Free)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor / Product: Version
- intel / connman: ≤ 1.41
- debian / debian linux: 11.0

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the control below is derived from the weakness type (CWE) cited in the NVD entry.

Control addressing CWE-416: non-executable pages (NX/DEP) and ASLR block, or significantly harden against, use-after-free exploits that aim for arbitrary code execution. These are exploitation mitigations only; the fix is upgrading to a patched ConnMan release.