Lucene search

K
cve[email protected]CVE-2022-22152
HistoryJan 19, 2022 - 1:15 a.m.

CVE-2022-22152

2022-01-1901:15:08
CWE-693
web.nvd.nist.gov
117
cve-2022-22152
juniper networks
contrail service orchestration
rest api
vulnerability
unauthorized access
nvd

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

28.4%

A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on another tenant’s firewall configuration and access control policies, as well as other sensitive information, exposing the tenant to reduced defense against malicious attacks or exploitation via additional undetermined vulnerabilities. This issue affects Juniper Networks Contrail Service Orchestration versions prior to 6.1.0 Patch 3.

Affected configurations

NVD
Node
junipercontrail_service_orchestrationRange6.0.0
OR
junipercontrail_service_orchestrationMatch6.1.0-
OR
junipercontrail_service_orchestrationMatch6.1.0patch1
OR
junipercontrail_service_orchestrationMatch6.1.0patch2

CNA Affected

[
  {
    "product": "Contrail Service Orchestration",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "6.1.0 Patch 3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

28.4%

Related for CVE-2022-22152