VDB
CVE-2022-22189
CVE-2022-22189
PUBLISHED
CVSS 7.300000190734863 HIGH
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premises versions prior to 6.0.0.
EPSS 0.03% · 8.9th percentile
Risk Scores
CVSS v3.1
7.300000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.03%
8.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| juniper | contrail_service_orchestration | 6.0.0, 6.0.0, 6.0.0 |
| Juniper Networks | Contrail Service Orchestration | 6.0.0, * |
Timeline
- Apr 14, 2022 CVE Published
- Apr 15, 2022 EPSS Score
- Jun 4, 2022 EPSS Score
- Jul 25, 2022 EPSS Score
- Sep 13, 2022 EPSS Score
- Nov 2, 2022 EPSS Score
- Dec 23, 2022 EPSS Score
- Feb 11, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 22, 2023 EPSS Score
- Jul 11, 2023 EPSS Score
References
- https://kb.juniper.net/JSA69498 url
- https://nvd.nist.gov/vuln/detail/CVE-2022-22189 advisory
- https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Juniper-Secure-Analytics-JSA-Series-Heap-Based-Buffer-Overflow-in-Sudo-CVE-2021-3156?language=en_US advisory
- https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-JIMS-Local-Privilege-Escalation-vulnerability-via-repair-functionality-CVE-2022-22187?language=en_US advisory
- https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Paragon-Active-Assurance-Local-Privilege-Escalation-in-polkits-pkexec-CVE-2021-4034?language=en_US advisory
- https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Contrail-Service-Orchestration-An-authenticated-local-user-may-have-their-permissions-elevated-via-the-device-via-management-interface-without-authentication-CVE-2022-22189?language=en_US advisory
- https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Contrail-Networking-Multiple-vulnerabilities-resolved-in-Contrail-Networking-21-3-CVE-yyyy-nnnn?language=en_US advisory
- https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Paragon-Active-Assurance-Control-Center-Information-disclosure-vulnerability-in-crafted-URL-CVE-2022-22190?language=en_US advisory
- https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-release-2011-L4?language=en_US advisory