Lucene search
HistoryOct 18, 2022 - 3:15 a.m.
CVE-2022-22245
cve-2022-22245
juniper networks
junos os
vulnerability
path traversal
authenticated attacker
filesystem integrity
nvd
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.4%
A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the device by bypassing validation checks built into Junos OS. The attacker should not be able to execute the file due to validation checks built into Junos OS. Successful exploitation of this vulnerability could lead to loss of filesystem integrity. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2.
Affected configurations
Node
juniperjunosRange<19.1
ORjuniperjunosMatch19.1-
ORjuniperjunosMatch19.1r1
ORjuniperjunosMatch19.1r1-s1
ORjuniperjunosMatch19.1r1-s2
ORjuniperjunosMatch19.1r1-s3
ORjuniperjunosMatch19.1r1-s4
ORjuniperjunosMatch19.1r1-s5
ORjuniperjunosMatch19.1r1-s6
ORjuniperjunosMatch19.1r2
ORjuniperjunosMatch19.1r2-s1
ORjuniperjunosMatch19.1r2-s2
ORjuniperjunosMatch19.1r2-s3
ORjuniperjunosMatch19.1r3
ORjuniperjunosMatch19.1r3-s1
ORjuniperjunosMatch19.1r3-s2
ORjuniperjunosMatch19.1r3-s3
ORjuniperjunosMatch19.1r3-s4
ORjuniperjunosMatch19.1r3-s5
ORjuniperjunosMatch19.1r3-s6
ORjuniperjunosMatch19.1r3-s7
ORjuniperjunosMatch19.1r3-s8
ORjuniperjunosMatch19.2-
ORjuniperjunosMatch19.2r1
ORjuniperjunosMatch19.2r1-s1
ORjuniperjunosMatch19.2r1-s2
ORjuniperjunosMatch19.2r1-s3
ORjuniperjunosMatch19.2r1-s4
ORjuniperjunosMatch19.2r1-s5
ORjuniperjunosMatch19.2r1-s6
ORjuniperjunosMatch19.2r1-s7
ORjuniperjunosMatch19.2r1-s8
ORjuniperjunosMatch19.2r1-s9
ORjuniperjunosMatch19.2r2
ORjuniperjunosMatch19.2r2-s1
ORjuniperjunosMatch19.2r3
ORjuniperjunosMatch19.2r3-s1
ORjuniperjunosMatch19.2r3-s2
ORjuniperjunosMatch19.2r3-s3
ORjuniperjunosMatch19.2r3-s4
ORjuniperjunosMatch19.2r3-s5
ORjuniperjunosMatch19.3-
ORjuniperjunosMatch19.3r1
ORjuniperjunosMatch19.3r1-s1
ORjuniperjunosMatch19.3r2
ORjuniperjunosMatch19.3r2-s1
ORjuniperjunosMatch19.3r2-s2
ORjuniperjunosMatch19.3r2-s3
ORjuniperjunosMatch19.3r2-s4
ORjuniperjunosMatch19.3r2-s5
ORjuniperjunosMatch19.3r2-s6
ORjuniperjunosMatch19.3r3
ORjuniperjunosMatch19.3r3-s1
ORjuniperjunosMatch19.3r3-s2
ORjuniperjunosMatch19.3r3-s3
ORjuniperjunosMatch19.3r3-s4
ORjuniperjunosMatch19.3r3-s5
ORjuniperjunosMatch19.3r3-s6
ORjuniperjunosMatch19.4-
ORjuniperjunosMatch19.4r1
ORjuniperjunosMatch19.4r1-s1
ORjuniperjunosMatch19.4r1-s2
ORjuniperjunosMatch19.4r1-s3
ORjuniperjunosMatch19.4r1-s4
ORjuniperjunosMatch19.4r2
ORjuniperjunosMatch19.4r2-s1
ORjuniperjunosMatch19.4r2-s2
ORjuniperjunosMatch19.4r2-s3
ORjuniperjunosMatch19.4r2-s4
ORjuniperjunosMatch19.4r2-s5
ORjuniperjunosMatch19.4r2-s6
ORjuniperjunosMatch19.4r3
ORjuniperjunosMatch19.4r3-s1
ORjuniperjunosMatch19.4r3-s2
ORjuniperjunosMatch19.4r3-s3
ORjuniperjunosMatch19.4r3-s4
ORjuniperjunosMatch19.4r3-s5
ORjuniperjunosMatch19.4r3-s6
ORjuniperjunosMatch19.4r3-s7
ORjuniperjunosMatch19.4r3-s8
ORjuniperjunosMatch20.1-
ORjuniperjunosMatch20.1r1
ORjuniperjunosMatch20.1r1-s1
ORjuniperjunosMatch20.1r1-s2
ORjuniperjunosMatch20.1r1-s3
ORjuniperjunosMatch20.1r1-s4
ORjuniperjunosMatch20.1r2
ORjuniperjunosMatch20.1r2-s1
ORjuniperjunosMatch20.1r2-s2
ORjuniperjunosMatch20.1r3
ORjuniperjunosMatch20.1r3-s1
ORjuniperjunosMatch20.1r3-s2
ORjuniperjunosMatch20.1r3-s3
ORjuniperjunosMatch20.1r3-s4
ORjuniperjunosMatch20.2-
ORjuniperjunosMatch20.2r1
ORjuniperjunosMatch20.2r1-s1
ORjuniperjunosMatch20.2r1-s2
ORjuniperjunosMatch20.2r1-s3
ORjuniperjunosMatch20.2r2
ORjuniperjunosMatch20.2r2-s1
ORjuniperjunosMatch20.2r2-s2
ORjuniperjunosMatch20.2r2-s3
ORjuniperjunosMatch20.2r3
ORjuniperjunosMatch20.2r3-s1
ORjuniperjunosMatch20.2r3-s2
ORjuniperjunosMatch20.2r3-s3
ORjuniperjunosMatch20.2r3-s4
ORjuniperjunosMatch20.3-
ORjuniperjunosMatch20.3r1
ORjuniperjunosMatch20.3r1-s1
ORjuniperjunosMatch20.3r1-s2
ORjuniperjunosMatch20.3r2
ORjuniperjunosMatch20.3r2-s1
ORjuniperjunosMatch20.3r3
ORjuniperjunosMatch20.3r3-s1
ORjuniperjunosMatch20.3r3-s2
ORjuniperjunosMatch20.3r3-s3
ORjuniperjunosMatch20.3r3-s4
ORjuniperjunosMatch20.4-
ORjuniperjunosMatch20.4r1
ORjuniperjunosMatch20.4r1-s1
ORjuniperjunosMatch20.4r2
ORjuniperjunosMatch20.4r2-s1
ORjuniperjunosMatch20.4r2-s2
ORjuniperjunosMatch20.4r3
ORjuniperjunosMatch20.4r3-s1
ORjuniperjunosMatch20.4r3-s2
ORjuniperjunosMatch20.4r3-s3
ORjuniperjunosMatch21.1-
ORjuniperjunosMatch21.1r1
ORjuniperjunosMatch21.1r1-s1
ORjuniperjunosMatch21.1r2
ORjuniperjunosMatch21.1r2-s1
ORjuniperjunosMatch21.1r2-s2
ORjuniperjunosMatch21.1r3
ORjuniperjunosMatch21.1r3-s1
ORjuniperjunosMatch21.2-
ORjuniperjunosMatch21.2r1
ORjuniperjunosMatch21.2r1-s1
ORjuniperjunosMatch21.2r1-s2
ORjuniperjunosMatch21.2r2
ORjuniperjunosMatch21.2r2-s1
ORjuniperjunosMatch21.2r2-s2
ORjuniperjunosMatch21.2r3
ORjuniperjunosMatch21.3-
ORjuniperjunosMatch21.3r1
ORjuniperjunosMatch21.3r1-s1
ORjuniperjunosMatch21.3r1-s2
ORjuniperjunosMatch21.3r2
ORjuniperjunosMatch21.3r2-s1
ORjuniperjunosMatch21.3r2-s2
ORjuniperjunosMatch21.4-
ORjuniperjunosMatch21.4r1
ORjuniperjunosMatch21.4r1-s1
ORjuniperjunosMatch21.4r1-s2
ORjuniperjunosMatch21.4r2
ORjuniperjunosMatch21.4r2-s1
ORjuniperjunosMatch22.1r1
ORjuniperjunosMatch22.1r1-s1
CNA Affected
[
{
"vendor": "Juniper Networks",
"product": "Junos OS",
"versions": [
{
"version": "unspecified",
"lessThan": "19.1R3-S9",
"status": "affected",
"versionType": "custom"
},
{
"version": "19.2",
"status": "affected",
"lessThan": "19.2R3-S6",
"versionType": "custom"
},
{
"version": "19.3",
"status": "affected",
"lessThan": "19.3R3-S7",
"versionType": "custom"
},
{
"version": "19.4",
"status": "affected",
"lessThan": "19.4R3-S9",
"versionType": "custom"
},
{
"version": "20.1",
"status": "affected",
"lessThan": "20.1R3-S5",
"versionType": "custom"
},
{
"version": "20.2",
"status": "affected",
"lessThan": "20.2R3-S5",
"versionType": "custom"
},
{
"version": "20.3",
"status": "affected",
"lessThan": "20.3R3-S5",
"versionType": "custom"
},
{
"version": "20.4",
"status": "affected",
"lessThan": "20.4R3-S4",
"versionType": "custom"
},
{
"version": "21.1",
"status": "affected",
"lessThan": "21.1R3-S2",
"versionType": "custom"
},
{
"version": "21.2",
"status": "affected",
"lessThan": "21.2R3-S1",
"versionType": "custom"
},
{
"version": "21.3",
"status": "affected",
"lessThan": "21.3R2-S2, 21.3R3",
"versionType": "custom"
},
{
"version": "21.4",
"status": "affected",
"lessThan": "21.4R1-S2, 21.4R2-S1, 21.4R3",
"versionType": "custom"
},
{
"version": "22.1",
"status": "affected",
"lessThan": "22.1R1-S1, 22.1R2",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
cvelist
cvelist
CVE-2022-22245 Junos OS: Path traversal vulnerability in J-Web
2022-10-12 00:00:00
prion
prion
Path traversal
2022-10-18 03:15:00
nvd
nvd
CVE-2022-22245
2022-10-18 03:15:11
nessus
nessus
Juniper Junos OS Multiple Vulnerabilities (JSA69899)
2022-10-28 00:00:00
thn
thn
High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices
2022-10-28 14:30:00
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.4%
Related for CVE-2022-22245