THREATINT
PUBLISHED

CVE-2022-22251

cSRX Series: Storing Passwords in a Recoverable Format and software permissions issues allows a local attacker to elevate privileges



Description

On cSRX Series devices, software permission issues in the container filesystem and stored files, combined with storing passwords in a recoverable format in Juniper Networks Junos OS, allow a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series.

Reserved 2021-12-21 | Published 2022-10-18 | Updated 2024-09-16 | Assigner juniper


HIGH: 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-257 Storing Passwords in a Recoverable Format

CWE-275 Permission Issues

Privilege elevation

Product status

Any version before 20.2R1
unaffected

20.2R1 before 20.2*
affected

20.3R1 before 20.3*
affected

20.4R1 before 20.4*
affected

21.1R1 before 21.1*
affected

References

kb.juniper.net/JSA69908

cve.org (CVE-2022-22251)

nvd.nist.gov (CVE-2022-22251)
