ID

VAR-202204-1136


CVE

CVE-2022-22187


TITLE

Privilege management vulnerability in Juniper Networks Identity Management Service for Windows

Trust: 0.8

sources: JVNDB: JVNDB-2022-008551

DESCRIPTION

An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. Running a repair operation, in turn, will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files. An attacker may be able to provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation. This issue affects Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-22187 // JVNDB: JVNDB-2022-008551 // VULHUB: VHN-409716 // VULMON: CVE-2022-22187

AFFECTED PRODUCTS

vendor: juniper, model: identity management service, scope: lt, version: 1.4.0

Trust: 1.0

vendor: Juniper Networks, model: identity management service, scope: eq, version: -

Trust: 0.8

vendor: Juniper Networks, model: identity management service, scope: -, version: -

Trust: 0.8

vendor: Juniper Networks, model: identity management service, scope: eq, version: 1.4.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-008551 // NVD: CVE-2022-22187

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22187
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2022-22187
value: HIGH

Trust: 1.0

NVD: CVE-2022-22187
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202204-3412
value: HIGH

Trust: 0.6

VULHUB: VHN-409716
value: HIGH

Trust: 0.1

VULMON: CVE-2022-22187
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-22187
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-409716
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-22187
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-22187
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-409716 // VULMON: CVE-2022-22187 // JVNDB: JVNDB-2022-008551 // CNNVD: CNNVD-202204-3412 // NVD: CVE-2022-22187 // NVD: CVE-2022-22187

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:Improper authority management (CWE-269) [ others ]

Trust: 0.8

sources: VULHUB: VHN-409716 // JVNDB: JVNDB-2022-008551 // NVD: CVE-2022-22187

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3412

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-3412

PATCH

title: Juniper Networks Juniper Identity Management Service Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190589

Trust: 0.6

title: https://github.com/RonnieSalomonsen/My-CVEs, url: https://github.com/RonnieSalomonsen/My-CVEs

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-22187 // CNNVD: CNNVD-202204-3412

EXTERNAL IDS

db: NVD, id: CVE-2022-22187

Trust: 3.4

db: JUNIPER, id: JSA69495

Trust: 2.6

db: JVNDB, id: JVNDB-2022-008551

Trust: 0.8

db: CNNVD, id: CNNVD-202204-3412

Trust: 0.6

db: VULHUB, id: VHN-409716

Trust: 0.1

db: VULMON, id: CVE-2022-22187

Trust: 0.1

sources: VULHUB: VHN-409716 // VULMON: CVE-2022-22187 // JVNDB: JVNDB-2022-008551 // CNNVD: CNNVD-202204-3412 // NVD: CVE-2022-22187

REFERENCES

url:https://kb.juniper.net/jsa69495

Trust: 2.6

url:https://github.com/mandiant/vulnerability-disclosures/blob/master/2022/mndt-2022-0029/mndt-2022-0029.md

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-22187

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-22187/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/ronniesalomonsen/my-cves

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-409716 // VULMON: CVE-2022-22187 // JVNDB: JVNDB-2022-008551 // CNNVD: CNNVD-202204-3412 // NVD: CVE-2022-22187

SOURCES

db: VULHUB, id: VHN-409716
db: VULMON, id: CVE-2022-22187
db: JVNDB, id: JVNDB-2022-008551
db: CNNVD, id: CNNVD-202204-3412
db: NVD, id: CVE-2022-22187

LAST UPDATE DATE

2024-11-23T23:10:55.018000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-409716, date: 2023-01-31T00:00:00
db: VULMON, id: CVE-2022-22187, date: 2023-01-31T00:00:00
db: JVNDB, id: JVNDB-2022-008551, date: 2023-07-27T08:19:00
db: CNNVD, id: CNNVD-202204-3412, date: 2022-06-14T00:00:00
db: NVD, id: CVE-2022-22187, date: 2024-11-21T06:46:21.013

SOURCES RELEASE DATE

db: VULHUB, id: VHN-409716, date: 2022-04-14T00:00:00
db: VULMON, id: CVE-2022-22187, date: 2022-04-14T00:00:00
db: JVNDB, id: JVNDB-2022-008551, date: 2023-07-27T00:00:00
db: CNNVD, id: CNNVD-202204-3412, date: 2022-04-14T00:00:00
db: NVD, id: CVE-2022-22187, date: 2022-04-14T16:15:08.047