CVE-2022-22246 — Inclusion of Functionality from Untrusted Control Sphere in Networks Junos OS

CWE-829 — Inclusion of Functionality from Untrusted Control Sphere5 documents5 sources

Severity

8.8HIGHNVD

CNA7.5

EPSS

0.5%

top 33.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedOct 18

Latest updateOct 28

Description

A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file. By chaining this vulnerability with other unspecified vulnerabilities, and by circumventing existing attack requirements, successful exploitation could lead to a complete system compromise. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_osunspecified — 19.1R3-S9+12

▶NVDjuniper/junos< 19.1+13

🔴Vulnerability Details

CVEList

Junos OS: PHP file inclusion vulnerability in J-Web↗2022-10-18

▶

GHSA

GHSA-8x6h-2g3w-6mg5: A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker t↗2022-10-18

▶

🔍Detection Rules

Suricata

ET MALWARE Potential Juniper PHP Local File Inclusion Attempt (CVE-2022-22246)↗2022-10-28

▶

📋Vendor Advisories

Juniper

CVE-2022-22246: A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker t↗2022-10-18

▶