CVE-2022-22189 — Authentication Bypass Using an Alternate Path or Channel in Juniper Networks Contrail Service Orchestration
Severity
NVD: 7.8 HIGH
CNA: 7.3
EPSS
0.0%
top 91.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 14
Latest update: Apr 15
Description
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premis…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages: 2 packages
Vulnerability Details (2)
GHSA
GHSA-mr95-wr78-6g74: An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have t (2022-04-15)
CVEList
Contrail Service Orchestration: An authenticated local user may have their permissions elevated via the device via management interface without authentication (2022-04-14)
Vendor Advisories (1)
Juniper
CVE-2022-22189: An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have t (2022-04-14)