THREATINT
PUBLISHED

CVE-2022-22251

cSRX Series: Storing Passwords in a Recoverable Format and software permissions issues allows a local attacker to elevate privileges



Assigner: juniper
Reserved: 2021-12-21
Published: 2022-10-18
Updated: 2024-09-16

Description

On cSRX Series devices, software permission issues in the container filesystem and stored files, combined with storing passwords in a recoverable format in Juniper Networks Junos OS, allow a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series.



HIGH: 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Product status

Any version before 20.2R1: unaffected
20.2R1 before 20.2*: affected
20.3R1 before 20.3*: affected
20.4R1 before 20.4*: affected
21.1R1 before 21.1*: affected

References

https://kb.juniper.net/JSA69908

cve.org CVE-2022-22251

nvd.nist.gov CVE-2022-22251
