{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-22248", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "datePublished": "2022-10-18T02:46:50.873325Z", "dateUpdated": "2024-09-17T04:24:13.441Z", "dateReserved": "2021-12-21T00:00:00"}, "containers": {"cna": {"title": "Junos OS Evolved: Incorrect file permissions can allow low-privileged user to cause another user to execute arbitrary commands", "datePublic": "2022-10-12T00:00:00", "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2022-10-18T00:00:00"}, "descriptions": [{"lang": "en", "value": "An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's session. If the follow-on user is a high-privileged administrator, the attacker could leverage this vulnerability to take complete control of the target system. While this issue is triggered by a user, other than the attacker, accessing the Junos shell, an attacker simply requires Junos CLI access to exploit this vulnerability. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.2R1-EVO."}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS Evolved", "versions": [{"version": "unspecified", "lessThan": "19.2R1-EVO", "status": "unaffected", "versionType": "custom"}, {"version": "20.4-EVO", "status": "affected", "lessThan": "20.4R3-S1-EVO", "versionType": "custom"}, {"version": "21.1R1-EVO", "status": "affected", "lessThan": "21.1-EVO*", "versionType": "custom"}, {"version": "21.2-EVO", "status": "affected", "lessThan": "21.2R3-EVO", "versionType": "custom"}, {"version": "21.3-EVO", "status": "affected", "lessThan": "21.3R2-EVO", "versionType": "custom"}]}], "references": [{"url": "https://kb.juniper.net/JSA69905"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "cweId": "CWE-732"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "JSA69905", "defect": ["1621536"], "discovery": "INTERNAL"}, "workarounds": [{"lang": "en", "value": "Limit access to the Junos shell by system administrators until an upgrade can be performed.\n\nUse access lists or firewall filters to limit access to the Junos CLI only from trusted hosts and administrators."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos OS Evolved 20.4R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and all subsequent releases."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:07:49.961Z"}, "title": "CVE Program Container", "references": [{"url": "https://kb.juniper.net/JSA69905", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*", "matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*", "matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*", "matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*", "matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*", "matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:-:*:*:*:*:*:*", "matchCriteriaId": "52C3552E-798F-4719-B38D-F74E34EAAA40", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*", "matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:*", "matchCriteriaId": "D8729BC1-FB09-4E6D-A5D5-8BDC589555B6", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3:*:*:*:*:*:*", "matchCriteriaId": "9D72C3DF-4513-48AC-AAED-C1AADF0794E1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "8C583289-96C4-4451-A320-14CA1C390819", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*", "matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*", "matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*", "matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*", "matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*", "matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's session. If the follow-on user is a high-privileged administrator, the attacker could leverage this vulnerability to take complete control of the target system. While this issue is triggered by a user, other than the attacker, accessing the Junos shell, an attacker simply requires Junos CLI access to exploit this vulnerability. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.2R1-EVO."}, {"lang": "es", "value": "Una vulnerabilidad de Asignaci\u00f3n de Permisos Incorrecta en el procesamiento de shell de Juniper Networks Junos OS Evolved permite a un usuario local poco privilegiado modificar el contenido de un archivo de configuraci\u00f3n, lo que podr\u00eda causar que otro usuario ejecutara comandos arbitrarios en el contexto de la sesi\u00f3n del usuario de seguimiento. Si el usuario de seguimiento es un administrador con altos privilegios, el atacante podr\u00eda aprovechar esta vulnerabilidad para tomar el control completo del sistema de destino. Mientras que este problema se desencadena cuando un usuario, que no sea el atacante, accede al shell de Junos, un atacante s\u00f3lo necesita acceder a la CLI de Junos para explotar esta vulnerabilidad. Este problema afecta a Juniper Networks Junos OS Evolved: versiones 20.4-EVO anteriores a 20.4R3-S1-EVO; todas las versiones de 21.1-EVO; versiones 21.2-EVO anteriores a 21.2R3-EVO; versiones 21.3-EVO anteriores a 21.3R2-EVO. Este problema no afecta a las versiones de Junos OS Evolved de Juniper Networks anteriores a 19.2R1-EVO"}], "id": "CVE-2022-22248", "lastModified": "2022-10-20T15:21:24.763", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "sirt@juniper.net", "type": "Primary"}]}, "published": "2022-10-18T03:15:11.453", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA69905"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-732"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

{}