CVE-2022-22243Improper Input Validation in Networks Junos OS

CWE-20Improper Input ValidationCWE-91XML Injection (aka Blind XPath Injection)4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 33.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedOct 18

Description

An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5juniper_networks/junos_osunspecified19.1R3-S9+12
NVDjuniper/junos< 19.1+13

🔴Vulnerability Details

2
CVEList
Junos OS: XPath Injection vulnerability in J-Web2022-10-18
GHSA
GHSA-4cgg-mfwm-v63x: An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker2022-10-18

📋Vendor Advisories

1
Juniper
CVE-2022-22243: An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker2022-10-18
CVE-2022-22243 — Improper Input Validation | cvebase