Lucene search
HistoryApr 14, 2022 - 4:15 p.m.
CVE-2022-22182
cve-2022-22182
cross-site scripting
xss
juniper networks
junos os
vulnerability
security
nvd
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
39.7%
A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target’s permissions, including an administrator. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S10, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S8, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2; 21.2 versions prior to 21.2R1-S1, 21.2R2.
Affected configurations
Node
juniperjunosMatch12.3-
ORjuniperjunosMatch12.3r1
ORjuniperjunosMatch12.3r10
ORjuniperjunosMatch12.3r10-s1
ORjuniperjunosMatch12.3r10-s2
ORjuniperjunosMatch12.3r11
ORjuniperjunosMatch12.3r12
ORjuniperjunosMatch12.3r12-s1
ORjuniperjunosMatch12.3r12-s10
ORjuniperjunosMatch12.3r12-s11
ORjuniperjunosMatch12.3r12-s12
ORjuniperjunosMatch12.3r12-s13
ORjuniperjunosMatch12.3r12-s14
ORjuniperjunosMatch12.3r12-s15
ORjuniperjunosMatch12.3r12-s16
ORjuniperjunosMatch12.3r12-s17
ORjuniperjunosMatch12.3r12-s18
ORjuniperjunosMatch15.1-
ORjuniperjunosMatch15.1a1
ORjuniperjunosMatch15.1f
ORjuniperjunosMatch15.1f1
ORjuniperjunosMatch15.1f2
ORjuniperjunosMatch15.1f2-s1
ORjuniperjunosMatch15.1f2-s2
ORjuniperjunosMatch15.1f2-s3
ORjuniperjunosMatch15.1f2-s4
ORjuniperjunosMatch15.1f3
ORjuniperjunosMatch15.1f4
ORjuniperjunosMatch15.1f5
ORjuniperjunosMatch15.1f5-s7
ORjuniperjunosMatch15.1f6
ORjuniperjunosMatch15.1f6-s1
ORjuniperjunosMatch15.1f6-s10
ORjuniperjunosMatch15.1f6-s12
ORjuniperjunosMatch15.1f6-s2
ORjuniperjunosMatch15.1f6-s3
ORjuniperjunosMatch15.1f6-s4
ORjuniperjunosMatch15.1f6-s5
ORjuniperjunosMatch15.1f6-s6
ORjuniperjunosMatch15.1f6-s7
ORjuniperjunosMatch15.1f6-s8
ORjuniperjunosMatch15.1f6-s9
ORjuniperjunosMatch15.1f7
ORjuniperjunosMatch15.1r
ORjuniperjunosMatch15.1r1
ORjuniperjunosMatch15.1r2
ORjuniperjunosMatch15.1r3
ORjuniperjunosMatch15.1r4
ORjuniperjunosMatch15.1r4-s7
ORjuniperjunosMatch15.1r4-s8
ORjuniperjunosMatch15.1r4-s9
ORjuniperjunosMatch15.1r5
ORjuniperjunosMatch15.1r5-s1
ORjuniperjunosMatch15.1r5-s3
ORjuniperjunosMatch15.1r5-s5
ORjuniperjunosMatch15.1r5-s6
ORjuniperjunosMatch15.1r6
ORjuniperjunosMatch15.1r6-s1
ORjuniperjunosMatch15.1r6-s2
ORjuniperjunosMatch15.1r6-s3
ORjuniperjunosMatch15.1r6-s4
ORjuniperjunosMatch15.1r6-s6
ORjuniperjunosMatch15.1r7
ORjuniperjunosMatch15.1r7-s1
ORjuniperjunosMatch15.1r7-s2
ORjuniperjunosMatch15.1r7-s3
ORjuniperjunosMatch15.1r7-s4
ORjuniperjunosMatch15.1r7-s5
ORjuniperjunosMatch15.1r7-s6
ORjuniperjunosMatch15.1r7-s7
ORjuniperjunosMatch15.1r7-s8
ORjuniperjunosMatch15.1r7-s9
ORjuniperjunosMatch18.3-
ORjuniperjunosMatch18.3r
ORjuniperjunosMatch18.3r1
ORjuniperjunosMatch18.3r1-s1
ORjuniperjunosMatch18.3r1-s2
ORjuniperjunosMatch18.3r1-s3
ORjuniperjunosMatch18.3r1-s4
ORjuniperjunosMatch18.3r1-s5
ORjuniperjunosMatch18.3r1-s6
ORjuniperjunosMatch18.3r2
ORjuniperjunosMatch18.3r2-s1
ORjuniperjunosMatch18.3r2-s2
ORjuniperjunosMatch18.3r2-s3
ORjuniperjunosMatch18.3r2-s4
ORjuniperjunosMatch18.3r3
ORjuniperjunosMatch18.3r3-s1
ORjuniperjunosMatch18.3r3-s2
ORjuniperjunosMatch18.3r3-s3
ORjuniperjunosMatch18.3r3-s4
ORjuniperjunosMatch18.4-
ORjuniperjunosMatch18.4r1
ORjuniperjunosMatch18.4r1-s1
ORjuniperjunosMatch18.4r1-s2
ORjuniperjunosMatch18.4r1-s3
ORjuniperjunosMatch18.4r1-s4
ORjuniperjunosMatch18.4r1-s5
ORjuniperjunosMatch18.4r1-s6
ORjuniperjunosMatch18.4r1-s7
ORjuniperjunosMatch18.4r2
ORjuniperjunosMatch18.4r2-s1
ORjuniperjunosMatch18.4r2-s2
ORjuniperjunosMatch18.4r2-s3
ORjuniperjunosMatch18.4r2-s4
ORjuniperjunosMatch18.4r2-s5
ORjuniperjunosMatch18.4r2-s6
ORjuniperjunosMatch18.4r2-s7
ORjuniperjunosMatch18.4r2-s8
ORjuniperjunosMatch18.4r2-s9
ORjuniperjunosMatch18.4r3
ORjuniperjunosMatch18.4r3-s1
ORjuniperjunosMatch18.4r3-s10
ORjuniperjunosMatch18.4r3-s11
ORjuniperjunosMatch18.4r3-s2
ORjuniperjunosMatch18.4r3-s3
ORjuniperjunosMatch18.4r3-s4
ORjuniperjunosMatch18.4r3-s5
ORjuniperjunosMatch18.4r3-s6
ORjuniperjunosMatch18.4r3-s7
ORjuniperjunosMatch18.4r3-s8
ORjuniperjunosMatch19.1-
ORjuniperjunosMatch19.1r1
ORjuniperjunosMatch19.1r1-s1
ORjuniperjunosMatch19.1r1-s2
ORjuniperjunosMatch19.1r1-s3
ORjuniperjunosMatch19.1r1-s4
ORjuniperjunosMatch19.1r1-s5
ORjuniperjunosMatch19.1r1-s6
ORjuniperjunosMatch19.1r2
ORjuniperjunosMatch19.1r2-s1
ORjuniperjunosMatch19.1r2-s2
ORjuniperjunosMatch19.1r3
ORjuniperjunosMatch19.1r3-s1
ORjuniperjunosMatch19.1r3-s2
ORjuniperjunosMatch19.1r3-s3
ORjuniperjunosMatch19.1r3-s4
ORjuniperjunosMatch19.1r3-s5
ORjuniperjunosMatch19.2-
ORjuniperjunosMatch19.2r1
ORjuniperjunosMatch19.2r1-s1
ORjuniperjunosMatch19.2r1-s2
ORjuniperjunosMatch19.2r1-s3
ORjuniperjunosMatch19.2r1-s4
ORjuniperjunosMatch19.2r1-s5
ORjuniperjunosMatch19.2r1-s6
ORjuniperjunosMatch19.2r1-s7
ORjuniperjunosMatch19.2r3
ORjuniperjunosMatch19.2r3-s1
ORjuniperjunosMatch19.2r3-s2
ORjuniperjunosMatch19.3-
ORjuniperjunosMatch19.3r1
ORjuniperjunosMatch19.3r1-s1
ORjuniperjunosMatch19.3r2
ORjuniperjunosMatch19.3r2-s1
ORjuniperjunosMatch19.3r2-s2
ORjuniperjunosMatch19.3r2-s3
ORjuniperjunosMatch19.3r2-s4
ORjuniperjunosMatch19.3r2-s5
ORjuniperjunosMatch19.3r3
ORjuniperjunosMatch19.3r3-s1
ORjuniperjunosMatch19.3r3-s2
ORjuniperjunosMatch19.4-
ORjuniperjunosMatch19.4r1
ORjuniperjunosMatch19.4r1-s1
ORjuniperjunosMatch19.4r1-s2
ORjuniperjunosMatch19.4r1-s3
ORjuniperjunosMatch19.4r1-s4
ORjuniperjunosMatch19.4r2
ORjuniperjunosMatch19.4r2-s1
ORjuniperjunosMatch19.4r2-s2
ORjuniperjunosMatch19.4r2-s3
ORjuniperjunosMatch19.4r2-s4
ORjuniperjunosMatch19.4r3
ORjuniperjunosMatch19.4r3-s1
ORjuniperjunosMatch19.4r3-s2
ORjuniperjunosMatch19.4r3-s3
ORjuniperjunosMatch19.4r3-s4
ORjuniperjunosMatch20.1-
ORjuniperjunosMatch20.1r1
ORjuniperjunosMatch20.1r1-s1
ORjuniperjunosMatch20.1r1-s2
ORjuniperjunosMatch20.1r1-s3
ORjuniperjunosMatch20.1r1-s4
ORjuniperjunosMatch20.1r2
ORjuniperjunosMatch20.1r2-s1
ORjuniperjunosMatch20.1r2-s2
ORjuniperjunosMatch20.1r3
ORjuniperjunosMatch20.1r3-s1
ORjuniperjunosMatch20.2-
ORjuniperjunosMatch20.2r1
ORjuniperjunosMatch20.2r1-s1
ORjuniperjunosMatch20.2r1-s2
ORjuniperjunosMatch20.2r1-s3
ORjuniperjunosMatch20.2r2
ORjuniperjunosMatch20.2r2-s1
ORjuniperjunosMatch20.2r2-s2
ORjuniperjunosMatch20.2r2-s3
ORjuniperjunosMatch20.2r3
ORjuniperjunosMatch20.2r3-s1
ORjuniperjunosMatch20.3-
ORjuniperjunosMatch20.3r1
ORjuniperjunosMatch20.3r1-s1
ORjuniperjunosMatch20.3r2
ORjuniperjunosMatch20.3r2-s1
ORjuniperjunosMatch20.4-
ORjuniperjunosMatch20.4r1
ORjuniperjunosMatch20.4r1-s1
ORjuniperjunosMatch20.4r2
ORjuniperjunosMatch20.4r2-s1
ORjuniperjunosMatch21.1-
ORjuniperjunosMatch21.1r1
ORjuniperjunosMatch21.2r1
CNA Affected
[
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3R12-S19",
"status": "affected",
"version": "12.3",
"versionType": "custom"
},
{
"lessThan": "15.1R7-S10",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S5",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S10, 18.4R3-S9",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S3, 19.1R3-S6",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S8, 19.2R3-S3",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S6, 19.3R3-S3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R3-S5",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3-S2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S2",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R2-S2, 20.4R3",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R1-S1, 21.1R2",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R1-S1, 21.2R2",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
}
]References
Related
prion
prion
Cross site scripting
2022-04-14 16:15:00
cvelist
cvelist
nessus
nessus
Juniper Junos OS Vulnerability (JSA69519)
2022-04-22 00:00:00
nvd
nvd
CVE-2022-22182
2022-04-14 16:15:07
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
39.7%
Related for CVE-2022-22182