ID

VAR-202210-0849


CVE

CVE-2022-22245


TITLE

Path traversal vulnerability in Juniper Networks Junos OS

Trust: 0.8

sources: JVNDB: JVNDB-2022-019201

DESCRIPTION

A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the device by bypassing validation checks built into Junos OS. The attacker should not be able to execute the file due to validation checks built into Junos OS. Successful exploitation of this vulnerability could lead to loss of filesystem integrity. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. A path traversal vulnerability exists in Juniper Networks Junos OS. Information may be tampered with.

Trust: 1.71

sources: NVD: CVE-2022-22245 // JVNDB: JVNDB-2022-019201 // VULHUB: VHN-409774

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 21.1

Trust: 1.0

vendor: juniper, model: junos, scope: lt, version: 19.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 20.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 21.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 21.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 22.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 21.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.3

Trust: 1.0

vendor: Juniper Networks, model: junos os, scope: eq, version: -

Trust: 0.8

vendor: Juniper Networks, model: junos os, scope: -, version: -

Trust: 0.8

vendor: Juniper Networks, model: junos os, scope: eq, version: 19.1

Trust: 0.8

sources: JVNDB: JVNDB-2022-019201 // NVD: CVE-2022-22245

CVSS

SEVERITY

CVSSV2

CVSSV3

sirt@juniper.net: CVE-2022-22245
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2022-019201
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202210-651
value: MEDIUM

Trust: 0.6

sirt@juniper.net: CVE-2022-22245
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-019201
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019201 // CNNVD: CNNVD-202210-651 // NVD: CVE-2022-22245

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype:CWE-23

Trust: 1.0

problemtype:Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-409774 // JVNDB: JVNDB-2022-019201 // NVD: CVE-2022-22245

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-651

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202210-651

EXTERNAL IDS

db: NVD, id: CVE-2022-22245

Trust: 3.3

db: JUNIPER, id: JSA69899

Trust: 2.5

db: JVNDB, id: JVNDB-2022-019201

Trust: 0.8

db: AUSCERT, id: ESB-2022.5668

Trust: 0.6

db: CNNVD, id: CNNVD-202210-651

Trust: 0.6

db: VULHUB, id: VHN-409774

Trust: 0.1

sources: VULHUB: VHN-409774 // JVNDB: JVNDB-2022-019201 // CNNVD: CNNVD-202210-651 // NVD: CVE-2022-22245

REFERENCES

url:https://kb.juniper.net/jsa69899

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22245

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-22245/

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-39531

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5668

Trust: 0.6

sources: VULHUB: VHN-409774 // JVNDB: JVNDB-2022-019201 // CNNVD: CNNVD-202210-651 // NVD: CVE-2022-22245

SOURCES

db: VULHUB, id: VHN-409774
db: JVNDB, id: JVNDB-2022-019201
db: CNNVD, id: CNNVD-202210-651
db: NVD, id: CVE-2022-22245

LAST UPDATE DATE

2024-08-14T14:17:40.497000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-409774, date: 2022-10-20T00:00:00
db: JVNDB, id: JVNDB-2022-019201, date: 2023-10-24T08:19:00
db: CNNVD, id: CNNVD-202210-651, date: 2022-11-09T00:00:00
db: NVD, id: CVE-2022-22245, date: 2022-10-20T15:15:52.483

SOURCES RELEASE DATE

db: VULHUB, id: VHN-409774, date: 2022-10-18T00:00:00
db: JVNDB, id: JVNDB-2022-019201, date: 2023-10-24T00:00:00
db: CNNVD, id: CNNVD-202210-651, date: 2022-10-12T00:00:00
db: NVD, id: CVE-2022-22245, date: 2022-10-18T03:15:11.243