CVE-2022-22187 - Vulnerability Details

Vendors	Products
Juniper	Identity Management Service

Source	ID	Title
EUVD	EUVD-2022-27334	An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. Running a repair operation, in turn, will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files. An attacker may be able to provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation. This issue affects Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0.

Link	Providers
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0029/MNDT-2022-0029.md
https://kb.juniper.net/JSA69495

{"containers": {"cna": {"affected": [{"product": "Juniper Identity Management Service (JIMS)", "vendor": "Juniper Networks", "versions": [{"lessThan": "1.4.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Juniper SIRT would like to acknowledge and thank Ronnie Salomonsen from Mandiant for responsibly reporting this vulnerability."}], "datePublic": "2022-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. Running a repair operation, in turn, will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files. An attacker may be able to provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation. This issue affects Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-13T21:52:57", "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/JSA69495"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0029/MNDT-2022-0029.md"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to disable the \"repair\" function of the Windows installer, resolving this specific issue: JIMS 1.4.0, and all subsequent releases."}], "source": {"advisory": "JSA69495", "defect": ["1624327"], "discovery": "EXTERNAL"}, "title": "JIMS: Local Privilege Escalation vulnerability via repair functionality", "workarounds": [{"lang": "en", "value": "There are no viable workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@juniper.net", "DATE_PUBLIC": "2022-04-13T16:00:00.000Z", "ID": "CVE-2022-22187", "STATE": "PUBLIC", "TITLE": "JIMS: Local Privilege Escalation vulnerability via repair functionality"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Juniper Identity Management Service (JIMS)", "version": {"version_data": [{"version_affected": "<", "version_value": "1.4.0"}]}}]}, "vendor_name": "Juniper Networks"}]}}, "credit": [{"lang": "eng", "value": "Juniper SIRT would like to acknowledge and thank Ronnie Salomonsen from Mandiant for responsibly reporting this vulnerability."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. Running a repair operation, in turn, will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files. An attacker may be able to provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation. This issue affects Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0."}]}, "exploit": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269 Improper Privilege Management"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/JSA69495", "refsource": "CONFIRM", "url": "https://kb.juniper.net/JSA69495"}, {"name": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0029/MNDT-2022-0029.md", "refsource": "MISC", "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0029/MNDT-2022-0029.md"}]}, "solution": [{"lang": "en", "value": "The following software releases have been updated to disable the \"repair\" function of the Windows installer, resolving this specific issue: JIMS 1.4.0, and all subsequent releases."}], "source": {"advisory": "JSA69495", "defect": ["1624327"], "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "There are no viable workarounds for this issue."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:07:50.195Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.juniper.net/JSA69495"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0029/MNDT-2022-0029.md"}]}]}, "cveMetadata": {"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "cveId": "CVE-2022-22187", "datePublished": "2022-04-14T15:50:45.202125Z", "dateReserved": "2021-12-21T00:00:00", "dateUpdated": "2024-09-16T16:43:45.144Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:juniper:identity_management_service:*:*:*:*:*:windows:*:*", "matchCriteriaId": "E94DB0A1-81AE-4292-875B-8DF8758AC7BF", "versionEndExcluding": "1.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. Running a repair operation, in turn, will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files. An attacker may be able to provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation. This issue affects Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0."}, {"lang": "es", "value": "Una vulnerabilidad de Administraci\u00f3n de Privilegios Inapropiada en el marco del instalador de Windows usado en Juniper Networks Juniper Identity Management Service (JIMS) permite a un usuario no privilegiado desencadenar una operaci\u00f3n de reparaci\u00f3n. La ejecuci\u00f3n de una operaci\u00f3n de reparaci\u00f3n, a su vez, desencadenar\u00e1 una serie de operaciones de archivo en la carpeta %TEMP% del usuario que desencadena la reparaci\u00f3n. Algunas de estas operaciones se llevar\u00e1n a cabo desde un contexto SYSTEM (iniciado por medio del servicio Windows Installer), incluyendo la ejecuci\u00f3n de archivos temporales. Un atacante puede ser capaz de proporcionar binarios maliciosos al Instalador de Windows, que ser\u00e1n ejecutados con altos privilegios, lo que conlleva a una escalada de privilegios local. Este problema afecta a Juniper Networks Juniper Identity Management Service (JIMS) versiones anteriores a 1.4.0"}], "id": "CVE-2022-22187", "lastModified": "2024-11-21T06:46:21.013", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "sirt@juniper.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-14T16:15:08.047", "references": [{"source": "sirt@juniper.net", "tags": ["Third Party Advisory"], "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0029/MNDT-2022-0029.md"}, {"source": "sirt@juniper.net", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA69495"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0029/MNDT-2022-0029.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA69495"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "sirt@juniper.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object