ID

VAR-202210-0848


CVE

CVE-2022-22239


TITLE

Juniper Networks Junos OS Evolved Vulnerability in privilege management in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019207

DESCRIPTION

An Execution with Unnecessary Privileges vulnerability in Management Daemon (mgd) of Juniper Networks Junos OS Evolved allows a locally authenticated attacker with low privileges to escalate their privileges on the device and potentially remote systems. This vulnerability allows a locally authenticated attacker with access to the ssh operational command to escalate their privileges on the system to root, or if there is user interaction on the local device to potentially escalate privileges on a remote system to root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-EVO; 21.2-EVO versions prior to 21.2R2-S1-EVO, 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS. Juniper Networks Junos OS Evolved contains a privilege management vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2022-22239 // JVNDB: JVNDB-2022-019207 // VULHUB: VHN-409768

AFFECTED PRODUCTS

vendor: juniper, model: junos os evolved, scope: eq, version: 20.4

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.2

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: lt, version: 20.4

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.1

Trust: 1.0

vendor: juniper, model: junos os evolved, scope: eq, version: 21.3

Trust: 1.0

vendor: ジュニパーネットワークス, model: junos os evolved, scope: eq, version: -

Trust: 0.8

vendor: ジュニパーネットワークス, model: junos os evolved, scope: -, version: -

Trust: 0.8

vendor: ジュニパーネットワークス, model: junos os evolved, scope: eq, version: 21.2

Trust: 0.8

vendor: ジュニパーネットワークス, model: junos os evolved, scope: eq, version: 20.4

Trust: 0.8

vendor: ジュニパーネットワークス, model: junos os evolved, scope: eq, version: 21.1

Trust: 0.8

sources: JVNDB: JVNDB-2022-019207 // NVD: CVE-2022-22239

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22239
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2022-22239
value: HIGH

Trust: 1.0

NVD: CVE-2022-22239
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202210-655
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-22239
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 6.0
version: 3.1

Trust: 1.0

sirt@juniper.net: CVE-2022-22239
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.5
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-22239
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019207 // CNNVD: CNNVD-202210-655 // NVD: CVE-2022-22239 // NVD: CVE-2022-22239

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:CWE-250

Trust: 1.0

problemtype:Improper authority management (CWE-269) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-409768 // JVNDB: JVNDB-2022-019207 // NVD: CVE-2022-22239

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-655

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-655

EXTERNAL IDS

db: NVD, id: CVE-2022-22239

Trust: 3.3

db: JUNIPER, id: JSA69895

Trust: 2.5

db: JVNDB, id: JVNDB-2022-019207

Trust: 0.8

db: AUSCERT, id: ESB-2022.5664

Trust: 0.6

db: CNNVD, id: CNNVD-202210-655

Trust: 0.6

db: VULHUB, id: VHN-409768

Trust: 0.1

sources: VULHUB: VHN-409768 // JVNDB: JVNDB-2022-019207 // CNNVD: CNNVD-202210-655 // NVD: CVE-2022-22239

REFERENCES

url:https://kb.juniper.net/jsa69895

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22239

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-22239/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5664

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-39531

Trust: 0.6

sources: VULHUB: VHN-409768 // JVNDB: JVNDB-2022-019207 // CNNVD: CNNVD-202210-655 // NVD: CVE-2022-22239

SOURCES

db: VULHUB, id: VHN-409768
db: JVNDB, id: JVNDB-2022-019207
db: CNNVD, id: CNNVD-202210-655
db: NVD, id: CVE-2022-22239

LAST UPDATE DATE

2024-08-14T14:55:14.007000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-409768, date: 2022-10-20T00:00:00
db: JVNDB, id: JVNDB-2022-019207, date: 2023-10-24T08:20:00
db: CNNVD, id: CNNVD-202210-655, date: 2022-11-09T00:00:00
db: NVD, id: CVE-2022-22239, date: 2022-10-20T15:04:33.440

SOURCES RELEASE DATE

db: VULHUB, id: VHN-409768, date: 2022-10-18T00:00:00
db: JVNDB, id: JVNDB-2022-019207, date: 2023-10-24T00:00:00
db: CNNVD, id: CNNVD-202210-655, date: 2022-10-12T00:00:00
db: NVD, id: CVE-2022-22239, date: 2022-10-18T03:15:10.817