CVE-2022-22244

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 19.1R3-S9 Junos OS versions 19.2 prior to 19.2R3-S6 Junos OS versions 19.3 prior to 19.3R3-S7 Junos OS versions 19.4 prior to 19.4R3-S9 Junos OS versions 20.1 prior to 20.1R3-S5 Junos OS versions 20.2 prior to 20.2R3-S5 Junos OS versions 20.3 prior to 20.3R3-S5 Junos OS versions 20.4 prior to 20.4R3-S4 Junos OS versions 21.1 prior to 21.1R3-S3 Junos OS versions 21.2 prior to 21.2R3-S1 Junos OS versions 21.3 prior to 21.3R3 Junos OS versions 21.4 prior to 21.4R1-S2, 21.4R2 Junos OS versions 22.1 prior to 22.1R1-S1, 22.1R2

Description The issue affects the J-Web component of Juniper Networks Junos OS, allowing an unauthenticated attacker to send a crafted POST request to reach the XPath channel. This may lead to a partial loss of confidentiality and potentially allow chaining to other unspecified vulnerabilities. The vulnerability can be exploited by a remote attacker using a specially crafted POST request.

Recommendations For Junos OS versions prior to 19.1R3-S9, update to version 19.1R3-S9 or later. For Junos OS versions 19.2 prior to 19.2R3-S6, update to version 19.2R3-S6 or later. For Junos OS versions 19.3 prior to 19.3R3-S7, update to version 19.3R3-S7 or later. For Junos OS versions 19.4 prior to 19.4R3-S9, update to version 19.4R3-S9 or later. For Junos OS versions 20.1 prior to 20.1R3-S5, update to version 20.1R3-S5 or later. For Junos OS versions 20.2 prior to 20.2R3-S5, update to version 20.2R3-S5 or later. For Junos OS versions 20.3 prior to 20.3R3-S5, update to version 20.3R3-S5 or later. For Junos OS versions 20.4 prior to 20.4R3-S4, update to version 20.4R3-S4 or later. For Junos OS versions 21.1 prior to 21.1R3-S3, update to version 21.1R3-S3 or later. For Junos OS versions 21.2 prior to 21.2R3-S1, update to version 21.2R3-S1 or later. For Junos OS versions 21.3 prior to 21.3R3, update to version 21.3R3 or later. For Junos OS versions 21.4 prior to 21.4R1-S2, 21.4R2, update to version 21.4R1-S2, 21.4R2 or later. For Junos OS versions 22.1 prior to 22.1R1-S1, 22.1R2, update to version 22.1R1-S1, 22.1R2 or later.