CVE-2022-22248

Junos OS Evolved: Incorrect file permissions can allow low-privileged user to cause another user to execute arbitrary commands

Severity Score

7.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's session. If the follow-on user is a high-privileged administrator, the attacker could leverage this vulnerability to take complete control of the target system. While this issue is triggered by a user, other than the attacker, accessing the Junos shell, an attacker simply requires Junos CLI access to exploit this vulnerability. This issue affects Juniper Networks Junos OS Evolved: 20.4-EVO versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 19.2R1-EVO.

Una vulnerabilidad de Asignación de Permisos Incorrecta en el procesamiento de shell de Juniper Networks Junos OS Evolved permite a un usuario local poco privilegiado modificar el contenido de un archivo de configuración, lo que podría causar que otro usuario ejecutara comandos arbitrarios en el contexto de la sesión del usuario de seguimiento. Si el usuario de seguimiento es un administrador con altos privilegios, el atacante podría aprovechar esta vulnerabilidad para tomar el control completo del sistema de destino. Mientras que este problema se desencadena cuando un usuario, que no sea el atacante, accede al shell de Junos, un atacante sólo necesita acceder a la CLI de Junos para explotar esta vulnerabilidad. Este problema afecta a Juniper Networks Junos OS Evolved: versiones 20.4-EVO anteriores a 20.4R3-S1-EVO; todas las versiones de 21.1-EVO; versiones 21.2-EVO anteriores a 21.2R3-EVO; versiones 21.3-EVO anteriores a 21.3R2-EVO. Este problema no afecta a las versiones de Junos OS Evolved de Juniper Networks anteriores a 19.2R1-EVO

*Credits: N/A

CVSS Scores

Juniper Networksv3.1 7.3

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-12-21 CVE Reserved
2022-10-18 CVE Published
2023-03-08 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-732: Incorrect Permission Assignment for Critical Resource

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://kb.juniper.net/JSA69905	2022-10-20

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"		-		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"		r1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"		r1-s1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"		r1-s2		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"		r2		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"		r2-s1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"		r2-s2		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"		r2-s3		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.4"		r3		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"		-		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"		r1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"		r1-s1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"		r2		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"		r3		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.1"		r3-s1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"		-		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"		r1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"		r1-s1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"		r1-s2		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"		r2		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"		r2-s1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.2"		r2-s2		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.3"		-		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.3"		r1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				21.3 Search vendor "Juniper" for product "Junos Os Evolved" and version "21.3"		r1-s1		Affected