CVE-2022-22221 — HIGH (7.8)

Q: How severe is CVE-2022-22221?

CVE-2022-22221 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-22221?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex Redundant Power System, Juniper Ex2200, Juniper Ex2200-C, Juniper Ex2200-Vc.

Vulnerability Description

An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally authenticated attacker with low privileges to take full control over the device. One aspect of this vulnerability is that the attacker needs to be able to execute any of the "request ..." or "show system download ..." commands. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: All versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2, 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Juniper	Junos	< 19.2
Juniper	Ex Redundant Power System	-
Juniper	Ex2200	-
Juniper	Ex2200-C	-
Juniper	Ex2200-Vc	-
Juniper	Ex2300	-
Juniper	Ex2300-C	-
Juniper	Ex2300M	-
Juniper	Ex3200	-
Juniper	Ex3300	-
Juniper	Ex3300-Vc	-
Juniper	Ex3400	-
Juniper	Ex4200	-
Juniper	Ex4200-Vc	-
Juniper	Ex4300	-
Juniper	Ex4300-24P	-
Juniper	Ex4300-24P-S	-
Juniper	Ex4300-24T	-
Juniper	Ex4300-24T-S	-
Juniper	Ex4300-32F	-

References

https://kb.juniper.net/JSA69725Vendor Advisory
https://kb.juniper.net/JSA69725Vendor Advisory

FAQ

What is CVE-2022-22221?

CVE-2022-22221 is a vulnerability with a CVSS score of 7.8 (HIGH). An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally authenticated attacker with low privilege...

How severe is CVE-2022-22221?

CVE-2022-22221 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-22221?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex Redundant Power System, Juniper Ex2200, Juniper Ex2200-C, Juniper Ex2200-Vc.