CVE-2022-22248

CVSS V2 None CVSS V3 High 7.3
Description
An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's session. If the follow-on user is a high-privileged administrator, the attacker could leverage this vulnerability to take complete control of the target system. While this issue is triggered by a user, other than the attacker, accessing the Junos shell, an attacker simply requires Junos CLI access to exploit this vulnerability. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.2R1-EVO.
Overview
  • CVE ID
  • CVE-2022-22248
  • Assigner
  • sirt@juniper.net
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-10-18T03:15:11
  • Last Modified Date
  • 2022-10-20T15:21:24
Weakness Enumerations
CWE URL
CWE-732 http://cwe.mitre.org/data/definitions/732.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:21.1:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:21.1:r3:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s1:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:* 1 OR
cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:* 1 OR
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  • Attack Vector
  • LOCAL
  • Attack Compatibility
  • LOW
  • Privileges Required
  • LOW
  • User Interaction
  • REQUIRED
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 7.3
  • Base Severity
  • HIGH
  • Exploitability Score
  • 1.3
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://kb.juniper.net/JSA69905
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-22248
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22248
History
Created Old Value New Value Data Type Notes
2022-10-18 04:00:17 Added to TrackCVE
2022-12-07 08:44:43 2022-10-18T03:15Z 2022-10-18T03:15:11 CVE Published Date updated
2022-12-07 08:44:43 2022-10-20T15:21:24 CVE Modified Date updated
2022-12-07 08:44:43 Analyzed Vulnerability Status updated