Main Vulnerability Database Vulnerabilities #VU59637

#VU59637 Improper access control in Juniper Networks Contrail Service Orchestration - CVE-2022-22152

Published: January 17, 2022

Vulnerability identifier: #VU59637

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-22152

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Juniper Networks Contrail Service Orchestration

Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the REST API. A remote authenticated user can view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on another tenant's firewall configuration and access control policies, as well as other sensitive information, exposing the tenant to reduced defense against malicious attacks or exploitation via additional undetermined vulnerabilities.

Remediation

Install updates from vendor's website.

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11260&cat=SIRT_1&actp=LIST

#VU59637 Improper access control in Juniper Networks Contrail Service Orchestration - CVE-2022-22152

Description

Remediation

External links

Please verify you're human