CVE-2022-22248Incorrect Permission Assignment in Networks Junos OS Evolved

CWE-732Incorrect Permission Assignment4 documents4 sources
Severity
7.3HIGHNVD
EPSS
0.0%
top 90.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OS EvolvedJuniper Junos OS Evolved
Timeline
PublishedOct 18

Description

An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's session. If the follow-on user is a high-privileged administrator, the attacker could leverage this vulnerability to take complete control of the target system. While this issue is triggered by a user, other

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages2 packages

CVEListV5juniper_networks/junos_os_evolved20.4-EVO20.4R3-S1-EVO+3
NVDjuniper/junos_os_evolved4 versions+3

🔴Vulnerability Details

2
CVEList
Junos OS Evolved: Incorrect file permissions can allow low-privileged user to cause another user to execute arbitrary commands2022-10-18
GHSA
GHSA-64r3-fpcv-4frw: An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify2022-10-18

📋Vendor Advisories

1
Juniper
CVE-2022-22248: An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify2022-10-18
CVE-2022-22248 — Incorrect Permission Assignment | cvebase