Lucene search

[email protected]NVD:CVE-2022-22251

HistoryOct 18, 2022 - 3:15 a.m.

CVE-2022-22251

2022-10-1803:15:11

CWE-275

CWE-257

CWE-522

[email protected]

web.nvd.nist.gov

csrx series

permission issues

filesystem

stored files

passwords

juniper networks

junos os

local attacker

elevated permissions

software deployment

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series.

Affected configurations

NVD

Node

juniperjunosRange20.2–21.2

AND

junipercsrxMatch-

References

kb.juniper.net/JSA69908

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2022-22251

nessus1 cve1 cvelist1 prion1