What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2022-22251.

What is the severity of CVE-2022-22251?

The severity of CVE-2022-22251 is high with a severity value of 7.8.

Which software is affected by CVE-2022-22251?

Juniper Networks Junos OS versions 20.2 to 21.2 are affected by CVE-2022-22251.

How can an attacker exploit CVE-2022-22251?

A local, low-privileged attacker can exploit CVE-2022-22251 to elevate their permissions and take control of any instance of a cSRX software.

Vulnerability/
CVE-2022-22251

high

7.8

CWE

522 257 275

18/10/2022

16/9/2024

CVE-2022-22251: cSRX Series: Storing Passwords in a Recoverable Format and software permissions issues allows a local attacker to elevate privileges

Q: What is the title of this vulnerability?

The title of this vulnerability is 'On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format'.

First published: Tue Oct 18 2022(Updated: )

On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series.

Credit: sirt@juniper.net

Affected Software	Affected Version	How to fix
Juniper JUNOS	>=20.2<21.2
Juniper Csrx

Remedy

The following software releases have been updated to resolve this specific issue: Junos OS 21.2R1, and all subsequent releases. Additionally, customers using Docker or Kubernetes must contact JTAC to receive additional guidance on applying commands manually to deployments to provide a complete fix.

Never miss a vulnerability like this again

Reference Links

https://kb.juniper.net/JSA69908

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-22251.
What is the title of this vulnerability?
The title of this vulnerability is 'On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format'.
What is the severity of CVE-2022-22251?
The severity of CVE-2022-22251 is high with a severity value of 7.8.
Which software is affected by CVE-2022-22251?
Juniper Networks Junos OS versions 20.2 to 21.2 are affected by CVE-2022-22251.
How can an attacker exploit CVE-2022-22251?
A local, low-privileged attacker can exploit CVE-2022-22251 to elevate their permissions and take control of any instance of a cSRX software.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/title
agent/last-modified-date
agent/author
agent/remedy
agent/weakness
agent/tags
agent/event
agent/first-publish-date
agent/description
vendor/juniper
canonical/juniper junos
version/juniper junos/20.2
canonical/juniper csrx

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.