CVE-2022-22248

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS Evolved versions prior to 20.4R3-S1-EVO Juniper Networks Junos OS Evolved version 21.1-EVO Juniper Networks Junos OS Evolved versions prior to 21.2R3-EVO Juniper Networks Junos OS Evolved versions prior to 21.3R2-EVO

Description The issue is related to an Incorrect Permission Assignment vulnerability in shell processing, allowing a low-privileged local user to modify configuration files. This could lead to the execution of arbitrary commands within the context of another user's session, potentially allowing an attacker to take complete control of the target system if the follow-on user is a high-privileged administrator. The vulnerability can be exploited with Junos CLI access.

Recommendations For versions prior to 20.4R3-S1-EVO, update to 20.4R3-S1-EVO or later. For version 21.1-EVO, update to a version after 21.1-EVO, such as 21.2R3-EVO or later. For versions prior to 21.2R3-EVO, update to 21.2R3-EVO or later. For versions prior to 21.3R2-EVO, update to 21.3R2-EVO or later.