#VU65371 OS Command Injection in Juniper Junos OS - CVE-2022-22221

 

Published: July 16, 2022


Vulnerability identifier: #VU65371
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-22221
CWE-ID: CWE-78
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Juniper Junos OS
Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a local user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the 'request system download ...' and 'show system download ...' commands. A local user can pass specially crafted data to the affected CLI commands and execute arbitrary OS commands on the target system with elevated privileges.



Remediation

Install updates from the vendor's website.

External links