CVE-2022-22239

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS Evolved versions prior to 20.4R3-S5-EVO Juniper Networks Junos OS Evolved version 21.1-EVO prior to 21.1R3-EVO Juniper Networks Junos OS Evolved version 21.2-EVO prior to 21.2R2-S1-EVO Juniper Networks Junos OS Evolved version 21.2-EVO prior to 21.2R3-EVO Juniper Networks Junos OS Evolved version 21.3-EVO prior to 21.3R2-EVO

Description The issue is related to insecure privilege management in the Management Daemon (MGD) of Juniper Networks Junos OS Evolved. Exploitation of this issue may allow an attacker to escalate their privileges. A locally authenticated attacker with low privileges can potentially escalate their privileges on the device and remote systems. This can be achieved through access to the ssh operational command, allowing the attacker to escalate their privileges on the system to root, or potentially on a remote system to root with user interaction on the local device.

Recommendations For versions prior to 20.4R3-S5-EVO, update to 20.4R3-S5-EVO or later. For version 21.1-EVO, update to 21.1R3-EVO or later. For version 21.2-EVO, update to 21.2R2-S1-EVO, 21.2R3-EVO or later. For version 21.3-EVO, update to 21.3R2-EVO or later.