Lucene search

JuniperCVELIST:CVE-2022-22241

HistoryOct 18, 2022 - 2:46 a.m.

CVE-2022-22241 Junos OS: Vulnerability in J-Web may allow deserialization without authentication

2022-10-1802:46:43

CWE-20

juniper

www.cve.org

junos os

j-web

unauthorized access

deserialization

authentication

juniper networks

input validation

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.005

Percentile

77.9%

JSON

An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data without proper authorization. Utilizing a crafted POST request, deserialization may occur which could lead to unauthorized local file access or the ability to execute arbitrary commands. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S9; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2.

CNA Affected

[
  {
    "vendor": "Juniper Networks",
    "product": "Junos OS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "19.1R3-S9",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "19.2",
        "status": "affected",
        "lessThan": "19.2R3-S6",
        "versionType": "custom"
      },
      {
        "version": "19.3",
        "status": "affected",
        "lessThan": "19.3R3-S7",
        "versionType": "custom"
      },
      {
        "version": "19.4",
        "status": "affected",
        "lessThan": "19.4R2-S7, 19.4R3-S9",
        "versionType": "custom"
      },
      {
        "version": "20.1",
        "status": "affected",
        "lessThan": "20.1R3-S5",
        "versionType": "custom"
      },
      {
        "version": "20.2",
        "status": "affected",
        "lessThan": "20.2R3-S5",
        "versionType": "custom"
      },
      {
        "version": "20.3",
        "status": "affected",
        "lessThan": "20.3R3-S5",
        "versionType": "custom"
      },
      {
        "version": "20.4",
        "status": "affected",
        "lessThan": "20.4R3-S4",
        "versionType": "custom"
      },
      {
        "version": "21.1",
        "status": "affected",
        "lessThan": "21.1R3-S2",
        "versionType": "custom"
      },
      {
        "version": "21.2",
        "status": "affected",
        "lessThan": "21.2R3-S1",
        "versionType": "custom"
      },
      {
        "version": "21.3",
        "status": "affected",
        "lessThan": "21.3R2-S2, 21.3R3",
        "versionType": "custom"
      },
      {
        "version": "21.4",
        "status": "affected",
        "lessThan": "21.4R1-S2, 21.4R2-S1, 21.4R3",
        "versionType": "custom"
      },
      {
        "version": "22.1",
        "status": "affected",
        "lessThan": "22.1R1-S1, 22.1R2",
        "versionType": "custom"
      }
    ]
  }
]

References

kb.juniper.net/JSA69899

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.005

Percentile

77.9%

JSON

Related for CVELIST:CVE-2022-22241