Lucene search

K
cve[email protected]CVE-2022-22221
HistoryJul 20, 2022 - 3:15 p.m.

CVE-2022-22221

2022-07-2015:15:09
web.nvd.nist.gov
31
4
cve-2022-22221
juniper networks
junos os
srx series
ex series
vulnerability
security advisory
nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.5%

An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally authenticated attacker with low privileges to take full control over the device. One aspect of this vulnerability is that the attacker needs to be able to execute any of the “request …” or “show system download …” commands. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: All versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2, 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2.

Affected configurations

NVD
Node
juniperjunosRange<19.2
OR
juniperjunosMatch19.2-
OR
juniperjunosMatch19.2r1
OR
juniperjunosMatch19.2r1-s1
OR
juniperjunosMatch19.2r1-s2
OR
juniperjunosMatch19.2r1-s3
OR
juniperjunosMatch19.2r1-s4
OR
juniperjunosMatch19.2r1-s5
OR
juniperjunosMatch19.2r1-s6
OR
juniperjunosMatch19.2r1-s7
OR
juniperjunosMatch19.2r1-s8
OR
juniperjunosMatch19.2r2
OR
juniperjunosMatch19.2r2-s1
OR
juniperjunosMatch19.2r3
OR
juniperjunosMatch19.2r3-s1
OR
juniperjunosMatch19.2r3-s2
OR
juniperjunosMatch19.2r3-s3
OR
juniperjunosMatch19.2r3-s4
OR
juniperjunosMatch19.3-
OR
juniperjunosMatch19.3r1
OR
juniperjunosMatch19.3r1-s1
OR
juniperjunosMatch19.3r2
OR
juniperjunosMatch19.3r2-s1
OR
juniperjunosMatch19.3r2-s2
OR
juniperjunosMatch19.3r2-s3
OR
juniperjunosMatch19.3r2-s4
OR
juniperjunosMatch19.3r2-s5
OR
juniperjunosMatch19.3r2-s6
OR
juniperjunosMatch19.3r3
OR
juniperjunosMatch19.3r3-s1
OR
juniperjunosMatch19.3r3-s2
OR
juniperjunosMatch19.3r3-s3
OR
juniperjunosMatch19.3r3-s4
OR
juniperjunosMatch19.3r3-s5
OR
juniperjunosMatch19.4-
OR
juniperjunosMatch19.4r1
OR
juniperjunosMatch19.4r1-s1
OR
juniperjunosMatch19.4r1-s2
OR
juniperjunosMatch19.4r1-s3
OR
juniperjunosMatch19.4r1-s4
OR
juniperjunosMatch19.4r2
OR
juniperjunosMatch19.4r2-s1
OR
juniperjunosMatch19.4r2-s2
OR
juniperjunosMatch19.4r2-s3
OR
juniperjunosMatch19.4r2-s4
OR
juniperjunosMatch19.4r2-s5
OR
juniperjunosMatch19.4r2-s6
OR
juniperjunosMatch19.4r3
OR
juniperjunosMatch19.4r3-s1
OR
juniperjunosMatch19.4r3-s2
OR
juniperjunosMatch19.4r3-s3
OR
juniperjunosMatch19.4r3-s4
OR
juniperjunosMatch19.4r3-s5
OR
juniperjunosMatch19.4r3-s6
OR
juniperjunosMatch19.4r3-s7
OR
juniperjunosMatch20.1-
OR
juniperjunosMatch20.1r1
OR
juniperjunosMatch20.1r1-s1
OR
juniperjunosMatch20.1r1-s2
OR
juniperjunosMatch20.1r1-s3
OR
juniperjunosMatch20.1r1-s4
OR
juniperjunosMatch20.1r2
OR
juniperjunosMatch20.1r2-s1
OR
juniperjunosMatch20.1r2-s2
OR
juniperjunosMatch20.1r3
OR
juniperjunosMatch20.1r3-s1
OR
juniperjunosMatch20.1r3-s2
OR
juniperjunosMatch20.1r3-s3
OR
juniperjunosMatch20.2-
OR
juniperjunosMatch20.2r1
OR
juniperjunosMatch20.2r1-s1
OR
juniperjunosMatch20.2r1-s2
OR
juniperjunosMatch20.2r1-s3
OR
juniperjunosMatch20.2r2
OR
juniperjunosMatch20.2r2-s1
OR
juniperjunosMatch20.2r2-s2
OR
juniperjunosMatch20.2r2-s3
OR
juniperjunosMatch20.2r3
OR
juniperjunosMatch20.2r3-s1
OR
juniperjunosMatch20.2r3-s2
OR
juniperjunosMatch20.2r3-s3
OR
juniperjunosMatch20.3-
OR
juniperjunosMatch20.3r1
OR
juniperjunosMatch20.3r1-s1
OR
juniperjunosMatch20.3r1-s2
OR
juniperjunosMatch20.3r2
OR
juniperjunosMatch20.3r2-s1
OR
juniperjunosMatch20.3r3
OR
juniperjunosMatch20.3r3-s1
OR
juniperjunosMatch20.3r3-s2
OR
juniperjunosMatch20.4-
OR
juniperjunosMatch20.4r1
OR
juniperjunosMatch20.4r1-s1
OR
juniperjunosMatch20.4r2
OR
juniperjunosMatch20.4r2-s1
OR
juniperjunosMatch20.4r2-s2
OR
juniperjunosMatch20.4r3
OR
juniperjunosMatch20.4r3-s1
OR
juniperjunosMatch21.1-
OR
juniperjunosMatch21.1r1
OR
juniperjunosMatch21.1r1-s1
OR
juniperjunosMatch21.1r2
OR
juniperjunosMatch21.1r2-s1
OR
juniperjunosMatch21.1r2-s2
OR
juniperjunosMatch21.1r3
OR
juniperjunosMatch21.2-
OR
juniperjunosMatch21.2r1
OR
juniperjunosMatch21.2r1-s1
OR
juniperjunosMatch21.2r1-s2
OR
juniperjunosMatch21.2r2
OR
juniperjunosMatch21.2r2-s1
OR
juniperjunosMatch21.3r1
OR
juniperjunosMatch21.3r1-s1
OR
juniperjunosMatch21.3r1-s2
OR
juniperjunosMatch21.4r1
AND
juniperex_redundant_power_systemMatch-
OR
juniperex2200Match-
OR
juniperex2200-cMatch-
OR
juniperex2200-vcMatch-
OR
juniperex2300Match-
OR
juniperex2300-cMatch-
OR
juniperex2300mMatch-
OR
juniperex3200Match-
OR
juniperex3300Match-
OR
juniperex3300-vcMatch-
OR
juniperex3400Match-
OR
juniperex4200Match-
OR
juniperex4200-vcMatch-
OR
juniperex4300Match-
OR
juniperex4300-24pMatch-
OR
juniperex4300-24p-sMatch-
OR
juniperex4300-24tMatch-
OR
juniperex4300-24t-sMatch-
OR
juniperex4300-32fMatch-
OR
juniperex4300-32f-dcMatch-
OR
juniperex4300-32f-sMatch-
OR
juniperex4300-48mpMatch-
OR
juniperex4300-48mp-sMatch-
OR
juniperex4300-48pMatch-
OR
juniperex4300-48p-sMatch-
OR
juniperex4300-48tMatch-
OR
juniperex4300-48t-afiMatch-
OR
juniperex4300-48t-dcMatch-
OR
juniperex4300-48t-dc-afiMatch-
OR
juniperex4300-48t-sMatch-
OR
juniperex4300-48tafiMatch-
OR
juniperex4300-48tdcMatch-
OR
juniperex4300-48tdc-afiMatch-
OR
juniperex4300-mpMatch-
OR
juniperex4300-vcMatch-
OR
juniperex4300mMatch-
OR
juniperex4400Match-
OR
juniperex4500Match-
OR
juniperex4500-vcMatch-
OR
juniperex4550Match-
OR
juniperex4550-vcMatch-
OR
juniperex4550\/vcMatch-
OR
juniperex4600Match-
OR
juniperex4600-vcMatch-
OR
juniperex4650Match-
OR
juniperex6200Match-
OR
juniperex6210Match-
OR
juniperex8200Match-
OR
juniperex8200-vcMatch-
OR
juniperex8208Match-
OR
juniperex8216Match-
OR
juniperex9200Match-
OR
juniperex9204Match-
OR
juniperex9208Match-
OR
juniperex9214Match-
OR
juniperex9250Match-
OR
juniperex9251Match-
OR
juniperex9253Match-
OR
junipersrx100Match-
OR
junipersrx110Match-
OR
junipersrx1400Match-
OR
junipersrx1500Match-
OR
junipersrx210Match-
OR
junipersrx220Match-
OR
junipersrx240Match-
OR
junipersrx240h2Match-
OR
junipersrx300Match-
OR
junipersrx320Match-
OR
junipersrx340Match-
OR
junipersrx3400Match-
OR
junipersrx345Match-
OR
junipersrx3600Match-
OR
junipersrx380Match-
OR
junipersrx4000Match-
OR
junipersrx4100Match-
OR
junipersrx4200Match-
OR
junipersrx4600Match-
OR
junipersrx5000Match-
OR
junipersrx5400Match-
OR
junipersrx550Match-
OR
junipersrx550_hmMatch-
OR
junipersrx550mMatch-
OR
junipersrx5600Match-
OR
junipersrx5800Match-
OR
junipersrx650Match-

CNA Affected

[
  {
    "platforms": [
      "SRX Series, EX Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "19.1R3-S9",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "19.2R1-S9, 19.2R3-S5",
        "status": "affected",
        "version": "19.2",
        "versionType": "custom"
      },
      {
        "lessThan": "19.3R3-S6",
        "status": "affected",
        "version": "19.3",
        "versionType": "custom"
      },
      {
        "lessThan": "19.4R3-S8",
        "status": "affected",
        "version": "19.4",
        "versionType": "custom"
      },
      {
        "lessThan": "20.1R3-S4",
        "status": "affected",
        "version": "20.1",
        "versionType": "custom"
      },
      {
        "lessThan": "20.2R3-S4",
        "status": "affected",
        "version": "20.2",
        "versionType": "custom"
      },
      {
        "lessThan": "20.3R3-S3",
        "status": "affected",
        "version": "20.3",
        "versionType": "custom"
      },
      {
        "lessThan": "20.4R3-S2, 20.4R3-S3",
        "status": "affected",
        "version": "20.4",
        "versionType": "custom"
      },
      {
        "lessThan": "21.1R3-S1",
        "status": "affected",
        "version": "21.1",
        "versionType": "custom"
      },
      {
        "lessThan": "21.2R2-S2, 21.2R3",
        "status": "affected",
        "version": "21.2",
        "versionType": "custom"
      },
      {
        "lessThan": "21.3R2, 21.3R3",
        "status": "affected",
        "version": "21.3",
        "versionType": "custom"
      },
      {
        "lessThan": "21.4R1-S1, 21.4R2",
        "status": "affected",
        "version": "21.4",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.5%

Related for CVE-2022-22221