CVE-2022-22245: Relative Path Traversal in Juniper Networks Junos OS

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.5% (top 34.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 18; Latest update Oct 28

Description

A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the device by bypassing validation checks built into Junos OS. The attacker should not be able to execute the file due to validation checks built into Junos OS. Successful exploitation of this vulnerability could lead to loss of filesystem integrity. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | unspecified | 19.1R3-S9 | +12
NVD | juniper/junos | < 19.1 | +13

🔴 Vulnerability Details (2)

GHSA
GHSA-ch96-rh97-j6j3: A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the d (2022-10-18)
CVEList
Junos OS: Path traversal vulnerability in J-Web (2022-10-18)

🔍 Detection Rules (1)

Suricata
ET MALWARE Potential Juniper Path Traversal RCE Attempt (CVE-2022-22245) (2022-10-28)

📋 Vendor Advisories (1)

Juniper
CVE-2022-22245: A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the d (2022-10-18)