CVE-2022-22229

EPSS 0.27%
Veröffentlicht 18.10.2022 03:15:10
Zuletzt bearbeitet 21.11.2024 06:46:26
Quelle sirt@juniper.net
Teams Watchlist Login
Unerledigt Login

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability, a stored XSS (or persistent), in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance (Formerly Netrounds) allows a high-privilege attacker with 'WRITE' permissions to store one or more malicious scripts that will infect any other authorized user's account when they accidentally trigger the malicious script(s) while managing the device. Triggering these attacks enables the attacker to execute commands with the permissions up to that of the superuser account. This issue affects: Juniper Networks Paragon Active Assurance (Formerly Netrounds) All versions prior to 3.1.1; 3.2 versions prior to 3.2.1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Paragon Active Assurance Control Center Version < 3.1.1

Juniper ≫ Paragon Active Assurance Control Center Version3.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.502

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
sirt@juniper.net	8.4	1.7	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://kb.juniper.net/JSA69883

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-22229

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22229

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22229

EUVD