CVE-2022-22251 : On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing pas

On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series.

Published 2022-10-18 03:15:12

Updated 2022-10-21 17:08:02

Source Juniper Networks, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-22251

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-22251

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	Juniper Networks, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-22251

CWE-257 Storing Passwords in a Recoverable Format

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

Assigned by: sirt@juniper.net (Secondary)
CWE-275

Assigned by: sirt@juniper.net (Secondary)
CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-22251

https://kb.juniper.net/JSA69908

2022-10 Security Bulletin: cSRX Series: Storing Passwords in a Recoverable Format and software permissions issues allows a local attacker to elevate privileges (CVE-2022-22251)
Mitigation;Vendor Advisory

Products affected by CVE-2022-22251

Juniper » Junos
Versions from including (>=) 20.2 and before (<) 21.2
cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
Matching versions
When used together with: Juniper » Csrx » Version: N/A

Vulnerability Details : CVE-2022-22251

Exploit prediction scoring system (EPSS) score for CVE-2022-22251

CVSS scores for CVE-2022-22251

CWE ids for CVE-2022-22251

References for CVE-2022-22251

Products affected by CVE-2022-22251