ID
VAR-202210-1145
CVE
CVE-2022-22229
TITLE
Juniper Networks Paragon Active Assurance Control Center Cross-site scripting vulnerability in
Trust: 0.8
DESCRIPTION
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability, a stored XSS (or persistent), in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance (Formerly Netrounds) allows a high-privilege attacker with 'WRITE' permissions to store one or more malicious scripts that will infect any other authorized user's account when they accidentally trigger the malicious script(s) while managing the device. Triggering these attacks enables the attacker to execute commands with the permissions up to that of the superuser account. This issue affects: Juniper Networks Paragon Active Assurance (Formerly Netrounds) All versions prior to 3.1.1; 3.2 versions prior to 3.2.1. (DoS) It may be in a state
Trust: 1.71
AFFECTED PRODUCTS
| vendor: | juniper | model: | paragon active assurance control center | scope: | eq | version: | 3.2.0 | Trust: 1.0 |
| vendor: | juniper | model: | paragon active assurance control center | scope: | lt | version: | 3.1.1 | Trust: 1.0 |
| vendor: | ジュニパーネットワークス | model: | paragon active assurance control center | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ジュニパーネットワークス | model: | paragon active assurance control center | scope: | eq | version: | 3.2.0 | Trust: 0.8 |
| vendor: | ジュニパーネットワークス | model: | paragon active assurance control center | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | ジュニパーネットワークス | model: | paragon active assurance control center | scope: | eq | version: | 3.1.1 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.1 |
| problemtype: | Cross-site scripting (CWE-79) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
XSS
Trust: 0.6
PATCH
| title: | Juniper Networks Paragon Active Assurance Fixes for cross-site scripting vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=211486 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-22229 | Trust: 3.3 |
| db: | JUNIPER | id: | JSA69883 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2022-019215 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202210-1172 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-409758 | Trust: 0.1 |
REFERENCES
| url: | https://kb.juniper.net/jsa69883 | Trust: 2.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-22229 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2022-22229/ | Trust: 0.6 |
SOURCES
| db: | VULHUB | id: | VHN-409758 |
| db: | JVNDB | id: | JVNDB-2022-019215 |
| db: | CNNVD | id: | CNNVD-202210-1172 |
| db: | NVD | id: | CVE-2022-22229 |
LAST UPDATE DATE
2024-08-14T15:27:03.862000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-409758 | date: | 2022-10-20T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-019215 | date: | 2023-10-24T08:20:00 |
| db: | CNNVD | id: | CNNVD-202210-1172 | date: | 2022-10-21T00:00:00 |
| db: | NVD | id: | CVE-2022-22229 | date: | 2022-10-20T14:49:44.643 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-409758 | date: | 2022-10-18T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-019215 | date: | 2023-10-24T00:00:00 |
| db: | CNNVD | id: | CNNVD-202210-1172 | date: | 2022-10-18T00:00:00 |
| db: | NVD | id: | CVE-2022-22229 | date: | 2022-10-18T03:15:10.130 |