Lucene search
HistoryOct 18, 2022 - 3:15 a.m.
CVE-2022-22244
cve-2022-22244
juniper networks junos os
xpath injection
security vulnerability
confidentiality loss
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
6.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
33.4%
An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker sending a crafted POST to reach the XPath channel, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2.
Affected configurations
Node
juniperjunosRange<19.1
ORjuniperjunosMatch19.1-
ORjuniperjunosMatch19.1r1
ORjuniperjunosMatch19.1r1-s1
ORjuniperjunosMatch19.1r1-s2
ORjuniperjunosMatch19.1r1-s3
ORjuniperjunosMatch19.1r1-s4
ORjuniperjunosMatch19.1r1-s5
ORjuniperjunosMatch19.1r1-s6
ORjuniperjunosMatch19.1r2
ORjuniperjunosMatch19.1r2-s1
ORjuniperjunosMatch19.1r2-s2
ORjuniperjunosMatch19.1r2-s3
ORjuniperjunosMatch19.1r3
ORjuniperjunosMatch19.1r3-s1
ORjuniperjunosMatch19.1r3-s2
ORjuniperjunosMatch19.1r3-s3
ORjuniperjunosMatch19.1r3-s4
ORjuniperjunosMatch19.1r3-s5
ORjuniperjunosMatch19.1r3-s6
ORjuniperjunosMatch19.1r3-s7
ORjuniperjunosMatch19.1r3-s8
ORjuniperjunosMatch19.2-
ORjuniperjunosMatch19.2r1
ORjuniperjunosMatch19.2r1-s1
ORjuniperjunosMatch19.2r1-s2
ORjuniperjunosMatch19.2r1-s3
ORjuniperjunosMatch19.2r1-s4
ORjuniperjunosMatch19.2r1-s5
ORjuniperjunosMatch19.2r1-s6
ORjuniperjunosMatch19.2r1-s7
ORjuniperjunosMatch19.2r1-s8
ORjuniperjunosMatch19.2r1-s9
ORjuniperjunosMatch19.2r2
ORjuniperjunosMatch19.2r2-s1
ORjuniperjunosMatch19.2r3
ORjuniperjunosMatch19.2r3-s1
ORjuniperjunosMatch19.2r3-s2
ORjuniperjunosMatch19.2r3-s3
ORjuniperjunosMatch19.2r3-s4
ORjuniperjunosMatch19.2r3-s5
ORjuniperjunosMatch19.3-
ORjuniperjunosMatch19.3r1
ORjuniperjunosMatch19.3r1-s1
ORjuniperjunosMatch19.3r2
ORjuniperjunosMatch19.3r2-s1
ORjuniperjunosMatch19.3r2-s2
ORjuniperjunosMatch19.3r2-s3
ORjuniperjunosMatch19.3r2-s4
ORjuniperjunosMatch19.3r2-s5
ORjuniperjunosMatch19.3r2-s6
ORjuniperjunosMatch19.3r3
ORjuniperjunosMatch19.3r3-s1
ORjuniperjunosMatch19.3r3-s2
ORjuniperjunosMatch19.3r3-s3
ORjuniperjunosMatch19.3r3-s4
ORjuniperjunosMatch19.3r3-s5
ORjuniperjunosMatch19.3r3-s6
ORjuniperjunosMatch19.4-
ORjuniperjunosMatch19.4r1
ORjuniperjunosMatch19.4r1-s1
ORjuniperjunosMatch19.4r1-s2
ORjuniperjunosMatch19.4r1-s3
ORjuniperjunosMatch19.4r1-s4
ORjuniperjunosMatch19.4r2
ORjuniperjunosMatch19.4r2-s1
ORjuniperjunosMatch19.4r2-s2
ORjuniperjunosMatch19.4r2-s3
ORjuniperjunosMatch19.4r2-s4
ORjuniperjunosMatch19.4r2-s5
ORjuniperjunosMatch19.4r2-s6
ORjuniperjunosMatch19.4r3
ORjuniperjunosMatch19.4r3-s1
ORjuniperjunosMatch19.4r3-s2
ORjuniperjunosMatch19.4r3-s3
ORjuniperjunosMatch19.4r3-s4
ORjuniperjunosMatch19.4r3-s5
ORjuniperjunosMatch19.4r3-s6
ORjuniperjunosMatch19.4r3-s7
ORjuniperjunosMatch19.4r3-s8
ORjuniperjunosMatch20.1-
ORjuniperjunosMatch20.1r1
ORjuniperjunosMatch20.1r1-s1
ORjuniperjunosMatch20.1r1-s2
ORjuniperjunosMatch20.1r1-s3
ORjuniperjunosMatch20.1r1-s4
ORjuniperjunosMatch20.1r2
ORjuniperjunosMatch20.1r2-s1
ORjuniperjunosMatch20.1r2-s2
ORjuniperjunosMatch20.1r3
ORjuniperjunosMatch20.1r3-s1
ORjuniperjunosMatch20.1r3-s2
ORjuniperjunosMatch20.1r3-s3
ORjuniperjunosMatch20.1r3-s4
ORjuniperjunosMatch20.2-
ORjuniperjunosMatch20.2r1
ORjuniperjunosMatch20.2r1-s1
ORjuniperjunosMatch20.2r1-s2
ORjuniperjunosMatch20.2r1-s3
ORjuniperjunosMatch20.2r2
ORjuniperjunosMatch20.2r2-s1
ORjuniperjunosMatch20.2r2-s2
ORjuniperjunosMatch20.2r2-s3
ORjuniperjunosMatch20.2r3
ORjuniperjunosMatch20.2r3-s1
ORjuniperjunosMatch20.2r3-s2
ORjuniperjunosMatch20.2r3-s3
ORjuniperjunosMatch20.2r3-s4
ORjuniperjunosMatch20.3-
ORjuniperjunosMatch20.3r1
ORjuniperjunosMatch20.3r1-s1
ORjuniperjunosMatch20.3r1-s2
ORjuniperjunosMatch20.3r2
ORjuniperjunosMatch20.3r2-s1
ORjuniperjunosMatch20.3r3
ORjuniperjunosMatch20.3r3-s1
ORjuniperjunosMatch20.3r3-s2
ORjuniperjunosMatch20.3r3-s3
ORjuniperjunosMatch20.3r3-s4
ORjuniperjunosMatch20.4-
ORjuniperjunosMatch20.4r1
ORjuniperjunosMatch20.4r1-s1
ORjuniperjunosMatch20.4r2
ORjuniperjunosMatch20.4r2-s1
ORjuniperjunosMatch20.4r2-s2
ORjuniperjunosMatch20.4r3
ORjuniperjunosMatch20.4r3-s1
ORjuniperjunosMatch20.4r3-s2
ORjuniperjunosMatch20.4r3-s3
ORjuniperjunosMatch21.1-
ORjuniperjunosMatch21.1r1
ORjuniperjunosMatch21.1r1-s1
ORjuniperjunosMatch21.1r2
ORjuniperjunosMatch21.1r2-s1
ORjuniperjunosMatch21.1r2-s2
ORjuniperjunosMatch21.1r3
ORjuniperjunosMatch21.1r3-s1
ORjuniperjunosMatch21.2-
ORjuniperjunosMatch21.2r1
ORjuniperjunosMatch21.2r1-s1
ORjuniperjunosMatch21.2r1-s2
ORjuniperjunosMatch21.2r2
ORjuniperjunosMatch21.2r2-s1
ORjuniperjunosMatch21.2r2-s2
ORjuniperjunosMatch21.2r3
ORjuniperjunosMatch21.3-
ORjuniperjunosMatch21.3r1
ORjuniperjunosMatch21.3r1-s1
ORjuniperjunosMatch21.3r1-s2
ORjuniperjunosMatch21.3r2
ORjuniperjunosMatch21.3r2-s1
ORjuniperjunosMatch21.3r2-s2
ORjuniperjunosMatch21.4-
ORjuniperjunosMatch21.4r1
ORjuniperjunosMatch21.4r1-s1
ORjuniperjunosMatch21.4r1-s2
ORjuniperjunosMatch21.4r2
ORjuniperjunosMatch21.4r2-s1
ORjuniperjunosMatch22.1r1
ORjuniperjunosMatch22.1r1-s1
CNA Affected
[
{
"vendor": "Juniper Networks",
"product": "Junos OS",
"versions": [
{
"version": "unspecified",
"lessThan": "19.1R3-S9",
"status": "affected",
"versionType": "custom"
},
{
"version": "19.2",
"status": "affected",
"lessThan": "19.2R3-S6",
"versionType": "custom"
},
{
"version": "19.3",
"status": "affected",
"lessThan": "19.3R3-S7",
"versionType": "custom"
},
{
"version": "19.4",
"status": "affected",
"lessThan": "19.4R3-S9",
"versionType": "custom"
},
{
"version": "20.1",
"status": "affected",
"lessThan": "20.1R3-S5",
"versionType": "custom"
},
{
"version": "20.2",
"status": "affected",
"lessThan": "20.2R3-S5",
"versionType": "custom"
},
{
"version": "20.3",
"status": "affected",
"lessThan": "20.3R3-S5",
"versionType": "custom"
},
{
"version": "20.4",
"status": "affected",
"lessThan": "20.4R3-S4",
"versionType": "custom"
},
{
"version": "21.1",
"status": "affected",
"lessThan": "21.1R3-S3",
"versionType": "custom"
},
{
"version": "21.2",
"status": "affected",
"lessThan": "21.2R3-S1",
"versionType": "custom"
},
{
"version": "21.3",
"status": "affected",
"lessThan": "21.3R3",
"versionType": "custom"
},
{
"version": "21.4",
"status": "affected",
"lessThan": "21.4R1-S2, 21.4R2",
"versionType": "custom"
},
{
"version": "22.1",
"status": "affected",
"lessThan": "22.1R1-S1, 22.1R2",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
nvd
nvd
CVE-2022-22244
2022-10-18 03:15:11
prion
prion
Design/Logic Flaw
2022-10-18 03:15:00
cvelist
cvelist
nessus
nessus
Juniper Junos OS Multiple Vulnerabilities (JSA69899)
2022-10-28 00:00:00
thn
thn
High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices
2022-10-28 14:30:00
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
6.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
33.4%
Related for CVE-2022-22244