CVE-2022-22239 — Execution with Unnecessary Privileges in Networks Junos OS Evolved

CWE-250 — Execution with Unnecessary Privileges CWE-269 — Improper Privilege Management4 documents4 sources

Severity

8.8HIGHNVD

CNA8.2

EPSS

0.1%

top 84.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Evolved Juniper Junos OS Evolved

Timeline

PublishedOct 18

Description

An Execution with Unnecessary Privileges vulnerability in Management Daemon (mgd) of Juniper Networks Junos OS Evolved allows a locally authenticated attacker with low privileges to escalate their privileges on the device and potentially remote systems. This vulnerability allows a locally authenticated attacker with access to the ssh operational command to escalate their privileges on the system to root, or if there is user interaction on the local device to potentially escalate privileges on a …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os_evolvedunspecified — 20.4R3-S5-EVO+3

▶NVDjuniper/junos_os_evolved< 20.4+4

🔴Vulnerability Details

CVEList

Junos OS Evolved: The ssh CLI command always runs as root which can lead to privilege escalation↗2022-10-18

▶

GHSA

GHSA-h38r-wg7q-9555: An Execution with Unnecessary Privileges vulnerability in Management Daemon (mgd) of Juniper Networks Junos OS Evolved allows a locally authenticated↗2022-10-18

▶

📋Vendor Advisories

Juniper

CVE-2022-22239: An Execution with Unnecessary Privileges vulnerability in Management Daemon (mgd) of Juniper Networks Junos OS Evolved allows a locally authenticated↗2022-10-18

▶