CVE-2022-22241: Improper Input Validation in Juniper Networks Junos OS

Severity
NVD: 9.8 CRITICAL
CNA: 8.1
EPSS
3.6% (top 12.13%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 18
Latest update: Oct 28

Description

An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data without proper authorization. Utilizing a crafted POST request, deserialization may occur which could lead to unauthorized local file access or the ability to execute arbitrary commands. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prio

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | unspecified | 19.1R3-S9 | +12
NVD | juniper/junos | < 19.1 | +13

🔴 Vulnerability Details (2)

GHSA
GHSA-f22c-xfcp-g8p7: An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data wi (2022-10-18)
CVEList
Junos OS: Vulnerability in J-Web may allow deserialization without authentication (2022-10-18)

🔍 Detection Rules (1)

Suricata
ET MALWARE Potential Juniper Phar Deserialization RCE Attempt (CVE-2022-22241) (2022-10-28)

📋 Vendor Advisories (1)

Juniper
CVE-2022-22241: An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data wi (2022-10-18)