CVE-2022-22187

JIMS: Local Privilege Escalation vulnerability via repair functionality

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. Running a repair operation, in turn, will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files. An attacker may be able to provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation. This issue affects Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0.

Una vulnerabilidad de Administración de Privilegios Inapropiada en el marco del instalador de Windows usado en Juniper Networks Juniper Identity Management Service (JIMS) permite a un usuario no privilegiado desencadenar una operación de reparación. La ejecución de una operación de reparación, a su vez, desencadenará una serie de operaciones de archivo en la carpeta %TEMP% del usuario que desencadena la reparación. Algunas de estas operaciones se llevarán a cabo desde un contexto SYSTEM (iniciado por medio del servicio Windows Installer), incluyendo la ejecución de archivos temporales. Un atacante puede ser capaz de proporcionar binarios maliciosos al Instalador de Windows, que serán ejecutados con altos privilegios, lo que conlleva a una escalada de privilegios local. Este problema afecta a Juniper Networks Juniper Identity Management Service (JIMS) versiones anteriores a 1.4.0

*Credits: Juniper SIRT would like to acknowledge and thank Ronnie Salomonsen from Mandiant for responsibly reporting this vulnerability.

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-12-21 CVE Reserved
2022-04-14 CVE Published
2023-03-08 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-269: Improper Privilege Management

CAPEC

References (1)

URL	Tag	Source
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0029/MNDT-2022-0029.md	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Juniper Search vendor "Juniper"		Identity Management Service Search vendor "Juniper" for product "Identity Management Service"				< 1.4.0 Search vendor "Juniper" for product "Identity Management Service" and version " < 1.4.0"		windows		Affected