Sign-up

ID

VAR-202210-0849


CVE

CVE-2022-22245


TITLE

Juniper Networks  Junos OS  Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019201

DESCRIPTION

A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the device by bypassing validation checks built into Junos OS. The attacker should not be able to execute the file due to validation checks built into Junos OS. Successful exploitation of this vulnerability could lead to loss of filesystem integrity. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. Juniper Networks Junos OS Exists in a past traversal vulnerability.Information may be tampered with

Trust: 1.71

sources: NVD: CVE-2022-22245 // JVNDB: JVNDB-2022-019201 // VULHUB: VHN-409774

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:21.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:21.1

Trust: 1.0

vendor:junipermodel:junosscope:ltversion:19.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:22.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:21.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:21.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.4

Trust: 1.0

vendor:ジュニパーネットワークスmodel:junos osscope:eqversion: -

Trust: 0.8

vendor:ジュニパーネットワークスmodel:junos osscope: - version: -

Trust: 0.8

vendor:ジュニパーネットワークスmodel:junos osscope:eqversion:19.1

Trust: 0.8

sources: JVNDB: JVNDB-2022-019201 // NVD: CVE-2022-22245

CVSS

SEVERITY

CVSSV2

CVSSV3

sirt@juniper.net: CVE-2022-22245
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2022-019201
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202210-651
value: MEDIUM

Trust: 0.6

sirt@juniper.net:
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-019201
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-019201 // NVD: CVE-2022-22245 // CNNVD: CNNVD-202210-651

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype:Path traversal (CWE-22) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-409774 // JVNDB: JVNDB-2022-019201 // NVD: CVE-2022-22245

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-651

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202210-651

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-22245

EXTERNAL IDS
db:NVDid:CVE-2022-22245
Trust: 3.3
db:JUNIPERid:JSA69899
Trust: 2.5
db:JVNDBid:JVNDB-2022-019201
Trust: 0.8
db:AUSCERTid:ESB-2022.5668
Trust: 0.6
db:CNNVDid:CNNVD-202210-651
Trust: 0.6
db:VULHUBid:VHN-409774
Trust: 0.1
sources:
            
            
            VULHUB: VHN-409774 // 
            
            
            
            JVNDB: JVNDB-2022-019201 // 
            
            
            
            NVD: CVE-2022-22245 // 
            
            
            
            CNNVD: CNNVD-202210-651

REFERENCES
url:https://kb.juniper.net/jsa69899
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2022-22245
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2022-22245/
Trust: 0.6
url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-39531
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2022.5668
Trust: 0.6
sources:
            
            
            VULHUB: VHN-409774 // 
            
            
            
            JVNDB: JVNDB-2022-019201 // 
            
            
            
            NVD: CVE-2022-22245 // 
            
            
            
            CNNVD: CNNVD-202210-651

SOURCES
db:VULHUBid:VHN-409774
db:JVNDBid:JVNDB-2022-019201
db:NVDid:CVE-2022-22245
db:CNNVDid:CNNVD-202210-651

LAST UPDATE DATE
2023-12-18T11:55:28.878000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-409774date:2022-10-20T00:00:00
db:JVNDBid:JVNDB-2022-019201date:2023-10-24T08:19:00
db:NVDid:CVE-2022-22245date:2022-10-20T15:15:52.483
db:CNNVDid:CNNVD-202210-651date:2022-11-09T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-409774date:2022-10-18T00:00:00
db:JVNDBid:JVNDB-2022-019201date:2023-10-24T00:00:00
db:NVDid:CVE-2022-22245date:2022-10-18T03:15:11.243
db:CNNVDid:CNNVD-202210-651date:2022-10-12T00:00:00