CVE-2022-22221
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD
Description
An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally authenticated attacker with low privileges to take full control over the device. One aspect of this vulnerability is that the attacker needs to be able to execute any of the "request ..." or "show system download ..." commands. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: All versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2, 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2.
Affected (115)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 19.2 |
| Running on/with | Platform Versions |
|---|---|
| Juniper Ex2200 | All versions |
| Juniper Ex2200 C | All versions |
| Juniper Ex2200 Vc | All versions |
| Juniper Ex2300 | All versions |
| Juniper Ex2300 C | All versions |
| Juniper Ex2300m | All versions |
| Juniper Ex3200 | All versions |
| Juniper Ex3300 | All versions |
| Juniper Ex3300 Vc | All versions |
| Juniper Ex3400 | All versions |
| Juniper Ex4200 | All versions |
| Juniper Ex4200 Vc | All versions |
| Juniper Ex4300 | All versions |
| Juniper Ex4300 24p | All versions |
| Juniper Ex4300 24p S | All versions |
| Juniper Ex4300 24t | All versions |
| Juniper Ex4300 24t S | All versions |
| Juniper Ex4300 32f | All versions |
| Juniper Ex4300 32f Dc | All versions |
| Juniper Ex4300 32f S | All versions |
| Juniper Ex4300 48mp | All versions |
| Juniper Ex4300 48mp S | All versions |
| Juniper Ex4300 48p | All versions |
| Juniper Ex4300 48p S | All versions |
| Juniper Ex4300 48t | All versions |
| Juniper Ex4300 48t Afi | All versions |
| Juniper Ex4300 48t Dc | All versions |
| Juniper Ex4300 48t Dc Afi | All versions |
| Juniper Ex4300 48t S | All versions |
| Juniper Ex4300 48tafi | All versions |
| Juniper Ex4300 48tdc | All versions |
| Juniper Ex4300 48tdc Afi | All versions |
| Juniper Ex4300 Mp | All versions |
| Juniper Ex4300 Vc | All versions |
| Juniper Ex4300m | All versions |
| Juniper Ex4400 | All versions |
| Juniper Ex4500 | All versions |
| Juniper Ex4500 Vc | All versions |
| Juniper Ex4550 | All versions |
| Juniper Ex4550 Vc | All versions |
| Juniper Ex4550/vc | All versions |
| Juniper Ex4600 | All versions |
| Juniper Ex4600 Vc | All versions |
| Juniper Ex4650 | All versions |
| Juniper Ex6200 | All versions |
| Juniper Ex6210 | All versions |
| Juniper Ex8200 | All versions |
| Juniper Ex8200 Vc | All versions |
| Juniper Ex8208 | All versions |
| Juniper Ex8216 | All versions |
| Juniper Ex9200 | All versions |
| Juniper Ex9204 | All versions |
| Juniper Ex9208 | All versions |
| Juniper Ex9214 | All versions |
| Juniper Ex9250 | All versions |
| Juniper Ex9251 | All versions |
| Juniper Ex9253 | All versions |
| Juniper Ex Redundant Power System | All versions |
| Juniper Srx100 | All versions |
| Juniper Srx110 | All versions |
| Juniper Srx1400 | All versions |
| Juniper Srx1500 | All versions |
| Juniper Srx210 | All versions |
| Juniper Srx220 | All versions |
| Juniper Srx240 | All versions |
| Juniper Srx240h2 | All versions |
| Juniper Srx300 | All versions |
| Juniper Srx320 | All versions |
| Juniper Srx340 | All versions |
| Juniper Srx3400 | All versions |
| Juniper Srx345 | All versions |
| Juniper Srx3600 | All versions |
| Juniper Srx380 | All versions |
| Juniper Srx4000 | All versions |
| Juniper Srx4100 | All versions |
| Juniper Srx4200 | All versions |
| Juniper Srx4600 | All versions |
| Juniper Srx5000 | All versions |
| Juniper Srx5400 | All versions |
| Juniper Srx550 | All versions |
| Juniper Srx550 Hm | All versions |
| Juniper Srx550m | All versions |
| Juniper Srx5600 | All versions |
| Juniper Srx5800 | All versions |
| Juniper Srx650 | All versions |