CVE-2022-22251 - OpenCVE

On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Juniper	Csrx Junos

Configuration 1 [-]

AND

cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*

cpe:2.3:h:juniper:csrx:-:*:*:*:*:*:*:*

References

Link	Resource
https://kb.juniper.net/JSA69908	Mitigation Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: juniper

Published: 2022-10-12T00:00:00

Updated: 2022-10-18T00:00:00

Reserved: 2021-12-21T00:00:00

Link: CVE-2022-22251

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-10-18T03:15:11.657

Modified: 2022-10-21T17:08:01.547

Link: CVE-2022-22251

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-22251", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "datePublished": "2022-10-12T00:00:00", "dateUpdated": "2022-10-18T00:00:00", "dateReserved": "2021-12-21T00:00:00"}, "containers": {"cna": {"title": "cSRX Series: Storing Passwords in a Recoverable Format and software permissions issues allows a local attacker to elevate privileges", "datePublic": "2022-10-12T00:00:00", "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2022-10-18T00:00:00"}, "descriptions": [{"lang": "en", "value": "On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series."}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"version": "unspecified", "lessThan": "20.2R1", "status": "unaffected", "versionType": "custom"}, {"version": "20.2R1", "status": "affected", "lessThan": "20.2*", "versionType": "custom"}, {"version": "20.3R1", "status": "affected", "lessThan": "20.3*", "versionType": "custom"}, {"version": "20.4R1", "status": "affected", "lessThan": "20.4*", "versionType": "custom"}, {"version": "21.1R1", "status": "affected", "lessThan": "21.1*", "versionType": "custom"}], "platforms": ["cSRX Series"]}], "references": [{"url": "https://kb.juniper.net/JSA69908"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-257 Storing Passwords in a Recoverable Format", "cweId": "CWE-257"}]}, {"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-275 Permission Issues", "cweId": "CWE-275"}]}, {"descriptions": [{"type": "text", "lang": "en", "description": "Privilege elevation"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "JSA69908", "defect": ["1564383"], "discovery": "INTERNAL"}, "workarounds": [{"lang": "en", "value": "There are no viable workarounds for this issue. \n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to the cSRX instance to only trusted administrative networks, hosts and users."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.2R1, and all subsequent releases.\n\nAdditionally, customers using Docker or Kubernetes must contact JTAC to receive additional guidance on applying commands manually to deployments to provide a complete fix."}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F706555A-8840-4EC4-ABCC-5EE92EDA050D", "versionEndExcluding": "21.2", "versionStartIncluding": "20.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:csrx:-:*:*:*:*:*:*:*", "matchCriteriaId": "11D4A86D-BDB4-4A01-96FE-7E023C58074B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series."}, {"lang": "es", "value": "En los dispositivos cSRX Series, los problemas de permisos de software en el sistema de archivos del contenedor y los archivos almacenados, combinados con el almacenamiento de contrase\u00f1as en un formato recuperable en Junos OS de Juniper Networks, permiten a un atacante local poco privilegiado elevar sus permisos para tomar el control de cualquier instancia de una implementaci\u00f3n de software cSRX. Este problema afecta a Juniper Networks Junos OS 20.2 versi\u00f3n 20.2R1 y versiones posteriores anteriores a 21.2R1 en cSRX Series"}], "id": "CVE-2022-22251", "lastModified": "2022-10-21T17:08:01.547", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "sirt@juniper.net", "type": "Primary"}]}, "published": "2022-10-18T03:15:11.657", "references": [{"source": "sirt@juniper.net", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA69908"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-257"}, {"lang": "en", "value": "CWE-275"}], "source": "sirt@juniper.net", "type": "Secondary"}]}