// For flags

CVE-2022-22248

Junos OS Evolved: Incorrect file permissions can allow low-privileged user to cause another user to execute arbitrary commands

Severity Score

7.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's session. If the follow-on user is a high-privileged administrator, the attacker could leverage this vulnerability to take complete control of the target system. While this issue is triggered by a user, other than the attacker, accessing the Junos shell, an attacker simply requires Junos CLI access to exploit this vulnerability. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.2R1-EVO.

Una vulnerabilidad de Asignación de Permisos Incorrecta en el procesamiento de shell de Juniper Networks Junos OS Evolved permite a un usuario local poco privilegiado modificar el contenido de un archivo de configuración, lo que podría causar que otro usuario ejecutara comandos arbitrarios en el contexto de la sesión del usuario de seguimiento. Si el usuario de seguimiento es un administrador con altos privilegios, el atacante podría aprovechar esta vulnerabilidad para tomar el control completo del sistema de destino. Mientras que este problema se desencadena cuando un usuario, que no sea el atacante, accede al shell de Junos, un atacante sólo necesita acceder a la CLI de Junos para explotar esta vulnerabilidad. Este problema afecta a Juniper Networks Junos OS Evolved: versiones 20.4-EVO anteriores a 20.4R3-S1-EVO; todas las versiones de 21.1-EVO; versiones 21.2-EVO anteriores a 21.2R3-EVO; versiones 21.3-EVO anteriores a 21.3R2-EVO. Este problema no afecta a las versiones de Junos OS Evolved de Juniper Networks anteriores a 19.2R1-EVO

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-12-21 CVE Reserved
  • 2022-10-18 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://kb.juniper.net/JSA69905 2022-10-20
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
-
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r1-s1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r1-s2
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r2
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r2-s1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r2-s2
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r2-s3
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
20.4
Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"
r3
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.1
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"
-
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.1
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"
r1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.1
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"
r1-s1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.1
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"
r2
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.1
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"
r3
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.1
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"
r3-s1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.2
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"
-
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.2
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"
r1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.2
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"
r1-s1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.2
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"
r1-s2
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.2
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"
r2
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.2
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"
r2-s1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.2
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"
r2-s2
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.3
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.3"
-
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.3
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.3"
r1
Affected
Juniper
Search vendor "Juniper"
Junos Os Evolved
Search vendor "Juniper" for product "Junos Os Evolved"
21.3
Search vendor "Juniper" for product "Junos Os Evolved" and version "21.3"
r1-s1
Affected