Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistJuniperCVELIST:CVE-2022-22239
HistoryOct 12, 2022 - 12:00 a.m.

CVE-2022-22239 Junos OS Evolved: The ssh CLI command always runs as root which can lead to privilege escalation

2022-10-1200:00:00
CWE-250
juniper
www.cve.org
cve-2022-22239
juniper networks junos os evolved
ssh
privilege escalation
vulnerability
management daemon

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

An Execution with Unnecessary Privileges vulnerability in Management Daemon (mgd) of Juniper Networks Junos OS Evolved allows a locally authenticated attacker with low privileges to escalate their privileges on the device and potentially remote systems. This vulnerability allows a locally authenticated attacker with access to the ssh operational command to escalate their privileges on the system to root, or if there is user interaction on the local device to potentially escalate privileges on a remote system to root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-EVO; 21.2-EVO versions prior to 21.2R2-S1-EVO, 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS.

CNA Affected

[
  {
    "vendor": "Juniper Networks",
    "product": "Junos OS Evolved",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "20.4R3-S5-EVO",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "21.1-EVO",
        "status": "affected",
        "lessThan": "21.1R3-EVO",
        "versionType": "custom"
      },
      {
        "version": "21.2-EVO",
        "status": "affected",
        "lessThan": "21.2R2-S1-EVO, 21.2R3-EVO",
        "versionType": "custom"
      },
      {
        "version": "21.3-EVO",
        "status": "affected",
        "lessThan": "21.3R2-EVO",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
nvd 1
cve 1
nessus 1
prion
prion
Command injection
2022-10-18 03:15:00
nvd
nvd
CVE-2022-22239
2022-10-18 03:15:10
cve
cve
CVE-2022-22239
2022-10-18 03:15:10
nessus
nessus
Juniper Junos OS Privilege Escalation (JSA69895)
2022-10-20 00:00:00

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON
Related for CVELIST:CVE-2022-22239
prion1nvd1cve1nessus1