CVE-2022-22189: Contrail Service Orchestration: An authenticated local user may have their permissions elevated via the device via management interface without authentication
First published: Thu Apr 14 2022(Updated: )
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premises versions prior to 6.0.0.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper Contrail Service Orchestration | =6.0.0 | |
| Juniper Contrail Service Orchestration | =6.0.0-patch1 | |
| Juniper Contrail Service Orchestration | =6.0.0-patch2 |
Remedy
The following software releases have been updated to resolve these specific issues: On-premises: Contrail Service Orchestration 6.0.0 Patch v3, 6.1.0, and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/author
- agent/title
- agent/last-modified-date
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/juniper
- canonical/juniper contrail service orchestration
- version/juniper contrail service orchestration/6.0.0
- version/juniper contrail service orchestration/6.0.0-patch1
- version/juniper contrail service orchestration/6.0.0-patch2