PT-2022-5203 · Juniper Networks · Juniper Networks Contrail Service Orchestration

Published

2022-04-13

Updated

2022-04-25

CVE-2022-22189

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Juniper Networks Contrail Service Orchestration versions 6.0.0 through 6.0.0 Patch v2

Description The issue is related to an Incorrect Ownership Assignment vulnerability in the Juniper Networks Contrail Service Orchestration interface. This vulnerability allows a locally authenticated user to elevate their permissions without authentication, potentially gaining full control over the application.

Recommendations For Juniper Networks Contrail Service Orchestration versions 6.0.0 through 6.0.0 Patch v2, update to version 6.0.0 Patch v3 to resolve the issue.

Fix

Authentication Bypass Using an Alternate Path or Channel

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-288CWE-708

Related Identifiers

BDU:2022-06460

CVE-2022-22189

Affected Products

Juniper Networks Contrail Service Orchestration

PT-2022-5203 · Juniper Networks · Juniper Networks Contrail Service Orchestration

CVE-2022-22189

Weakness Enumeration

Related Identifiers

Affected Products

References · 5