CVE-2022-22251 - Vulnerability Details - OpenCVE

On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Juniper	Csrx Junos

Configuration 1 [-]

AND

cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*

cpe:2.3:h:juniper:csrx:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://kb.juniper.net/JSA69908

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00037}`	epss `{'score': 0.00041}`

Thu, 08 May 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2022-10-18T02:46:54.129Z

Updated: 2025-05-08T19:26:28.557Z

Reserved: 2021-12-21T00:00:00.000Z

Link: CVE-2022-22251

Vulnrichment

Updated: 2024-08-03T03:07:50.384Z

NVD

Status : Modified

Published: 2022-10-18T03:15:11.657

Modified: 2024-11-21T06:46:29.557

Link: CVE-2022-22251

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-22251", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "datePublished": "2022-10-18T02:46:54.129Z", "dateUpdated": "2025-05-08T19:26:28.557Z", "dateReserved": "2021-12-21T00:00:00.000Z"}, "containers": {"cna": {"title": "cSRX Series: Storing Passwords in a Recoverable Format and software permissions issues allows a local attacker to elevate privileges", "datePublic": "2022-10-12T00:00:00.000Z", "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2022-10-18T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series."}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"version": "unspecified", "lessThan": "20.2R1", "status": "unaffected", "versionType": "custom"}, {"version": "20.2R1", "status": "affected", "lessThan": "20.2*", "versionType": "custom"}, {"version": "20.3R1", "status": "affected", "lessThan": "20.3*", "versionType": "custom"}, {"version": "20.4R1", "status": "affected", "lessThan": "20.4*", "versionType": "custom"}, {"version": "21.1R1", "status": "affected", "lessThan": "21.1*", "versionType": "custom"}], "platforms": ["cSRX Series"]}], "references": [{"url": "https://kb.juniper.net/JSA69908"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-257 Storing Passwords in a Recoverable Format", "cweId": "CWE-257"}]}, {"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-275 Permission Issues", "cweId": "CWE-275"}]}, {"descriptions": [{"type": "text", "lang": "en", "description": "Privilege elevation"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "JSA69908", "defect": ["1564383"], "discovery": "INTERNAL"}, "workarounds": [{"lang": "en", "value": "There are no viable workarounds for this issue. \n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to the cSRX instance to only trusted administrative networks, hosts and users."}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.2R1, and all subsequent releases.\n\nAdditionally, customers using Docker or Kubernetes must contact JTAC to receive additional guidance on applying commands manually to deployments to provide a complete fix."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:07:50.384Z"}, "title": "CVE Program Container", "references": [{"url": "https://kb.juniper.net/JSA69908", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-08T19:26:16.282945Z", "id": "CVE-2022-22251", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T19:26:28.557Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://kb.juniper.net/JSA69908", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:07:50.384Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-22251", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-08T19:26:16.282945Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T19:26:21.015Z"}}], "cna": {"title": "cSRX Series: Storing Passwords in a Recoverable Format and software permissions issues allows a local attacker to elevate privileges", "source": {"defect": ["1564383"], "advisory": "JSA69908", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "unaffected", "version": "unspecified", "lessThan": "20.2R1", "versionType": "custom"}, {"status": "affected", "version": "20.2R1", "lessThan": "20.2*", "versionType": "custom"}, {"status": "affected", "version": "20.3R1", "lessThan": "20.3*", "versionType": "custom"}, {"status": "affected", "version": "20.4R1", "lessThan": "20.4*", "versionType": "custom"}, {"status": "affected", "version": "21.1R1", "lessThan": "21.1*", "versionType": "custom"}], "platforms": ["cSRX Series"]}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.2R1, and all subsequent releases.\n\nAdditionally, customers using Docker or Kubernetes must contact JTAC to receive additional guidance on applying commands manually to deployments to provide a complete fix."}], "datePublic": "2022-10-12T00:00:00.000Z", "references": [{"url": "https://kb.juniper.net/JSA69908"}], "workarounds": [{"lang": "en", "value": "There are no viable workarounds for this issue. \n\nTo reduce the risk of exploitation of this issue, use access lists or firewall filters to limit access to the cSRX instance to only trusted administrative networks, hosts and users."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-257", "description": "CWE-257 Storing Passwords in a Recoverable Format"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-275", "description": "CWE-275 Permission Issues"}]}, {"descriptions": [{"lang": "en", "type": "text", "description": "Privilege elevation"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2022-10-18T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-22251", "state": "PUBLISHED", "dateUpdated": "2025-05-08T19:26:28.557Z", "dateReserved": "2021-12-21T00:00:00.000Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2022-10-18T02:46:54.129Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F706555A-8840-4EC4-ABCC-5EE92EDA050D", "versionEndExcluding": "21.2", "versionStartIncluding": "20.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:csrx:-:*:*:*:*:*:*:*", "matchCriteriaId": "11D4A86D-BDB4-4A01-96FE-7E023C58074B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series."}, {"lang": "es", "value": "En los dispositivos cSRX Series, los problemas de permisos de software en el sistema de archivos del contenedor y los archivos almacenados, combinados con el almacenamiento de contrase\u00f1as en un formato recuperable en Junos OS de Juniper Networks, permiten a un atacante local poco privilegiado elevar sus permisos para tomar el control de cualquier instancia de una implementaci\u00f3n de software cSRX. Este problema afecta a Juniper Networks Junos OS 20.2 versi\u00f3n 20.2R1 y versiones posteriores anteriores a 21.2R1 en cSRX Series"}], "id": "CVE-2022-22251", "lastModified": "2024-11-21T06:46:29.557", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2022-10-18T03:15:11.657", "references": [{"source": "sirt@juniper.net", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA69908"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://kb.juniper.net/JSA69908"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-257"}, {"lang": "en", "value": "CWE-275"}], "source": "sirt@juniper.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}