VDB

CVE-2022-22187

CVE-2022-22187 PUBLISHED CVSS 7.800000190734863 HIGH

An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. Running a repair operation, in turn, will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files. An attacker may be able to provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation. This issue affects Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0.

EPSS 0.04% · 11.7th percentile

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.04%
11.7th percentile

Affected Products

VendorProductVersions
juniperidentity_management_service0
Juniper NetworksJuniper Identity Management Service (JIMS)unspecified

Exploit Intelligence

…and 52 more exploits

Timeline

  • Apr 14, 2022 CVE Published
  • Apr 15, 2022 EPSS Score
  • Apr 26, 2022 EPSS Score
  • Jun 4, 2022 EPSS Score
  • Jul 25, 2022 EPSS Score
  • Sep 14, 2022 EPSS Score
  • Nov 3, 2022 EPSS Score
  • Dec 23, 2022 EPSS Score
  • Feb 11, 2023 EPSS Score
  • Apr 2, 2023 EPSS Score
  • May 22, 2023 EPSS Score
  • Jul 12, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›