CVE-2022-22187

Name of the Vulnerable Software and Affected Versions Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0

Description An Improper Privilege Management issue in the Windows Installer framework used in Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. This operation triggers file operations in the %TEMP% folder, some of which are performed from a SYSTEM context, including the execution of temporary files. An attacker may provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation.

Recommendations For Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Windows Installer service to minimize the risk of exploitation. Avoid using the Windows Installer framework to trigger repair operations until the issue is resolved.