{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-22251", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "datePublished": "2022-10-18T02:46:54.129Z", "dateUpdated": "2025-05-08T19:26:28.557Z", "dateReserved": "2021-12-21T00:00:00.000Z"}, "containers": {"cna": {"title": "cSRX Series: Storing Passwords in a Recoverable Format and software permissions issues allows a local attacker to elevate privileges", "datePublic": "2022-10-12T00:00:00.000Z", "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2022-10-18T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series."}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"version": "unspecified", "lessThan": "20.2R1", "status": "unaffected", "versionType": "custom"}, {"version": "20.2R1", "status": "affected", "lessThan": "20.2*", "versionType": "custom"}, {"version": "20.3R1", "status": "affected", "lessThan": "20.3*", "versionType": "custom"}, {"version": "20.4R1", "status": "affected", "lessThan": "20.4*", "versionType": "custom"}, {"version": "21.1R1", "status": "affected", "lessThan": "21.1*", "versionType": "custom"}], "platforms": ["cSRX Series"]}], "references": [{"url": "https://kb.juniper.net/JSA69908"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-257 Storing Passwords in a Recoverable Format", "cweId": "CWE-257"}]}, {"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-275 Permission Issues", "cweId": "CWE-275"}]}, {"descriptions": [{"type": "text", "lang": "en", "description": "Privilege elevation"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "JSA69908", "defect": ["1564383"], "discovery": "INTERNAL"}, "workarounds": [{"lang": "en", "value": "There are no viable workarounds for this issue. \n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to the cSRX instance to only trusted administrative networks, hosts and users."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.2R1, and all subsequent releases.\n\nAdditionally, customers using Docker or Kubernetes must contact JTAC to receive additional guidance on applying commands manually to deployments to provide a complete fix."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:07:50.384Z"}, "title": "CVE Program Container", "references": [{"url": "https://kb.juniper.net/JSA69908", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-08T19:26:16.282945Z", "id": "CVE-2022-22251", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T19:26:28.557Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://kb.juniper.net/JSA69908", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:07:50.384Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-22251", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-08T19:26:16.282945Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T19:26:21.015Z"}}], "cna": {"title": "cSRX Series: Storing Passwords in a Recoverable Format and software permissions issues allows a local attacker to elevate privileges", "source": {"defect": ["1564383"], "advisory": "JSA69908", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "unaffected", "version": "unspecified", "lessThan": "20.2R1", "versionType": "custom"}, {"status": "affected", "version": "20.2R1", "lessThan": "20.2*", "versionType": "custom"}, {"status": "affected", "version": "20.3R1", "lessThan": "20.3*", "versionType": "custom"}, {"status": "affected", "version": "20.4R1", "lessThan": "20.4*", "versionType": "custom"}, {"status": "affected", "version": "21.1R1", "lessThan": "21.1*", "versionType": "custom"}], "platforms": ["cSRX Series"]}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.2R1, and all subsequent releases.\n\nAdditionally, customers using Docker or Kubernetes must contact JTAC to receive additional guidance on applying commands manually to deployments to provide a complete fix."}], "datePublic": "2022-10-12T00:00:00.000Z", "references": [{"url": "https://kb.juniper.net/JSA69908"}], "workarounds": [{"lang": "en", "value": "There are no viable workarounds for this issue. \n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to the cSRX instance to only trusted administrative networks, hosts and users."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-257", "description": "CWE-257 Storing Passwords in a Recoverable Format"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-275", "description": "CWE-275 Permission Issues"}]}, {"descriptions": [{"lang": "en", "type": "text", "description": "Privilege elevation"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2022-10-18T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-22251", "state": "PUBLISHED", "dateUpdated": "2025-05-08T19:26:28.557Z", "dateReserved": "2021-12-21T00:00:00.000Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2022-10-18T02:46:54.129Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F706555A-8840-4EC4-ABCC-5EE92EDA050D", "versionEndExcluding": "21.2", "versionStartIncluding": "20.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:csrx:-:*:*:*:*:*:*:*", "matchCriteriaId": "11D4A86D-BDB4-4A01-96FE-7E023C58074B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series."}, {"lang": "es", "value": "En los dispositivos cSRX Series, los problemas de permisos de software en el sistema de archivos del contenedor y los archivos almacenados, combinados con el almacenamiento de contrase\u00f1as en un formato recuperable en Junos OS de Juniper Networks, permiten a un atacante local poco privilegiado elevar sus permisos para tomar el control de cualquier instancia de una implementaci\u00f3n de software cSRX. Este problema afecta a Juniper Networks Junos OS 20.2 versi\u00f3n 20.2R1 y versiones posteriores anteriores a 21.2R1 en cSRX Series"}], "id": "CVE-2022-22251", "lastModified": "2024-11-21T06:46:29.557", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}]}, "published": "2022-10-18T03:15:11.657", "references": [{"source": "[email protected]", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA69908"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA69908"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-257"}, {"lang": "en", "value": "CWE-275"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "[email protected]", "type": "Primary"}]}

{}