CVE-2022-22221: Networks Junos OS vulnerability

4 documents, 4 sources

Severity: 7.8 HIGH (NVD)
EPSS: 0.1% (top 79.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 20, latest update Jul 21

Description

An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally authenticated attacker with low privileges to take full control over the device. One aspect of this vulnerability is that the attacker needs to be able to execute any of the "request ..." or "show system download ..." commands. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: All versions prior to 19.2R1-S9, 19.2R3

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | unspecified | 19.1R3-S9 | +11
NVD | juniper/junos | < 19.2 | +11

🔴 Vulnerability Details (2)

GHSA | GHSA-5w8c-34c5-7jq9: An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a | 2022-07-21
CVEList | Junos OS: SRX and EX Series: Local privilege escalation flaw in "download" functionality | 2022-07-20

📋 Vendor Advisories (1)

Juniper | CVE-2022-22221: An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a | 2022-07-20