CVE-2022-22239

EPSS 0.05%
Veröffentlicht 18.10.2022 03:15:10
Zuletzt bearbeitet 21.11.2024 06:46:27
Quelle sirt@juniper.net
Teams Watchlist Login
Unerledigt Login

An Execution with Unnecessary Privileges vulnerability in Management Daemon (mgd) of Juniper Networks Junos OS Evolved allows a locally authenticated attacker with low privileges to escalate their privileges on the device and potentially remote systems. This vulnerability allows a locally authenticated attacker with access to the ssh operational command to escalate their privileges on the system to root, or if there is user interaction on the local device to potentially escalate privileges on a remote system to root. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-EVO; 21.2-EVO versions prior to 21.2R2-S1-EVO, 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Junos Os Evolved Version < 20.4

Juniper ≫ Junos Os Evolved Version20.4 Update-

Juniper ≫ Junos Os Evolved Version20.4 Updater1

Juniper ≫ Junos Os Evolved Version20.4 Updater1-s1

Juniper ≫ Junos Os Evolved Version20.4 Updater1-s2

Juniper ≫ Junos Os Evolved Version20.4 Updater2

Juniper ≫ Junos Os Evolved Version20.4 Updater2-s1

Juniper ≫ Junos Os Evolved Version20.4 Updater2-s2

Juniper ≫ Junos Os Evolved Version20.4 Updater2-s3

Juniper ≫ Junos Os Evolved Version20.4 Updater3

Juniper ≫ Junos Os Evolved Version20.4 Updater3-s1

Juniper ≫ Junos Os Evolved Version20.4 Updater3-s2

Juniper ≫ Junos Os Evolved Version20.4 Updater3-s3

Juniper ≫ Junos Os Evolved Version20.4 Updater3-s4

Juniper ≫ Junos Os Evolved Version21.1 Update-

Juniper ≫ Junos Os Evolved Version21.1 Updater1

Juniper ≫ Junos Os Evolved Version21.1 Updater1-s1

Juniper ≫ Junos Os Evolved Version21.1 Updater2

Juniper ≫ Junos Os Evolved Version21.2 Update-

Juniper ≫ Junos Os Evolved Version21.2 Updater1

Juniper ≫ Junos Os Evolved Version21.2 Updater1-s1

Juniper ≫ Junos Os Evolved Version21.2 Updater1-s2

Juniper ≫ Junos Os Evolved Version21.2 Updater2

Juniper ≫ Junos Os Evolved Version21.3 Update-

Juniper ≫ Junos Os Evolved Version21.3 Updater1

Juniper ≫ Junos Os Evolved Version21.3 Updater1-s1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.131

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
sirt@juniper.net	8.2	1.5	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://kb.juniper.net/JSA69895

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-22239

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22239

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22239

EUVD