CVE-2022-22251
published 2022-10-18CVE-2022-22251: On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | junos | >= 20.2 < 21.2 | 21.2 |
| juniper | junos_os | — | — |
| juniper | srx_series | — | — |
| juniper_networks | junos_os | >= 20.2R1 < 20.2* | 20.2* |
| juniper_networks | junos_os | >= 20.3R1 < 20.3* | 20.3* |
| juniper_networks | junos_os | >= 20.4R1 < 20.4* | 20.4* |
| juniper_networks | junos_os | >= 21.1R1 < 21.1* | 21.1* |