CVE-2022-22243

18.10.2022, 03:15

An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabilities, leading to a partial loss of confidentiality. This issue affects Juniper Networks Junos OS: all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2.

aka Blind XPath Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
juniper	CNA	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 55%

Vendor	Product	Version
juniper	junos	𝑥 < 19.1
juniper	junos	19.1
juniper	junos	19.1:r1
juniper	junos	19.1:r1-s1
juniper	junos	19.1:r1-s2
juniper	junos	19.1:r1-s3
juniper	junos	19.1:r1-s4
juniper	junos	19.1:r1-s5
juniper	junos	19.1:r1-s6
juniper	junos	19.1:r2
juniper	junos	19.1:r2-s1
juniper	junos	19.1:r2-s2
juniper	junos	19.1:r2-s3
juniper	junos	19.1:r3
juniper	junos	19.1:r3-s1
juniper	junos	19.1:r3-s2
juniper	junos	19.1:r3-s3
juniper	junos	19.1:r3-s4
juniper	junos	19.1:r3-s5
juniper	junos	19.1:r3-s6
juniper	junos	19.1:r3-s7
juniper	junos	19.1:r3-s8
juniper	junos	19.2
juniper	junos	19.2:r1
juniper	junos	19.2:r1-s1
juniper	junos	19.2:r1-s2
juniper	junos	19.2:r1-s3
juniper	junos	19.2:r1-s4
juniper	junos	19.2:r1-s5
juniper	junos	19.2:r1-s6
juniper	junos	19.2:r1-s7
juniper	junos	19.2:r1-s8
juniper	junos	19.2:r1-s9
juniper	junos	19.2:r2
juniper	junos	19.2:r2-s1
juniper	junos	19.2:r3
juniper	junos	19.2:r3-s1
juniper	junos	19.2:r3-s2
juniper	junos	19.2:r3-s3
juniper	junos	19.2:r3-s4
juniper	junos	19.2:r3-s5
juniper	junos	19.3
juniper	junos	19.3:r1
juniper	junos	19.3:r1-s1
juniper	junos	19.3:r2
juniper	junos	19.3:r2-s1
juniper	junos	19.3:r2-s2
juniper	junos	19.3:r2-s3
juniper	junos	19.3:r2-s4
juniper	junos	19.3:r2-s5
juniper	junos	19.3:r2-s6
juniper	junos	19.3:r3
juniper	junos	19.3:r3-s1
juniper	junos	19.3:r3-s2
juniper	junos	19.3:r3-s3
juniper	junos	19.3:r3-s4
juniper	junos	19.3:r3-s5
juniper	junos	19.3:r3-s6
juniper	junos	19.4
juniper	junos	19.4:r1
juniper	junos	19.4:r1-s1
juniper	junos	19.4:r1-s2
juniper	junos	19.4:r1-s3
juniper	junos	19.4:r1-s4
juniper	junos	19.4:r2
juniper	junos	19.4:r2-s1
juniper	junos	19.4:r2-s2
juniper	junos	19.4:r2-s3
juniper	junos	19.4:r2-s4
juniper	junos	19.4:r2-s5
juniper	junos	19.4:r2-s6
juniper	junos	19.4:r3
juniper	junos	19.4:r3-s1
juniper	junos	19.4:r3-s2
juniper	junos	19.4:r3-s3
juniper	junos	19.4:r3-s4
juniper	junos	19.4:r3-s5
juniper	junos	19.4:r3-s6
juniper	junos	19.4:r3-s7
juniper	junos	19.4:r3-s8
juniper	junos	20.1
juniper	junos	20.1:r1
juniper	junos	20.1:r1-s1
juniper	junos	20.1:r1-s2
juniper	junos	20.1:r1-s3
juniper	junos	20.1:r1-s4
juniper	junos	20.1:r2
juniper	junos	20.1:r2-s1
juniper	junos	20.1:r2-s2
juniper	junos	20.1:r3
juniper	junos	20.1:r3-s1
juniper	junos	20.1:r3-s2
juniper	junos	20.1:r3-s3
juniper	junos	20.1:r3-s4
juniper	junos	20.2
juniper	junos	20.2:r1
juniper	junos	20.2:r1-s1
juniper	junos	20.2:r1-s2
juniper	junos	20.2:r1-s3
juniper	junos	20.2:r2
juniper	junos	20.2:r2-s1
juniper	junos	20.2:r2-s2
juniper	junos	20.2:r2-s3
juniper	junos	20.2:r3
juniper	junos	20.2:r3-s1
juniper	junos	20.2:r3-s2
juniper	junos	20.2:r3-s3
juniper	junos	20.2:r3-s4
juniper	junos	20.3
juniper	junos	20.3:r1
juniper	junos	20.3:r1-s1
juniper	junos	20.3:r1-s2
juniper	junos	20.3:r2
juniper	junos	20.3:r2-s1
juniper	junos	20.3:r3
juniper	junos	20.3:r3-s1
juniper	junos	20.3:r3-s2
juniper	junos	20.3:r3-s3
juniper	junos	20.3:r3-s5
juniper	junos	20.4
juniper	junos	20.4:r1
juniper	junos	20.4:r1-s1
juniper	junos	20.4:r2
juniper	junos	20.4:r2-s1
juniper	junos	20.4:r2-s2
juniper	junos	20.4:r3
juniper	junos	20.4:r3-s1
juniper	junos	20.4:r3-s2
juniper	junos	20.4:r3-s3
juniper	junos	21.1
juniper	junos	21.1:r1
juniper	junos	21.1:r1-s1
juniper	junos	21.1:r2
juniper	junos	21.1:r2-s1
juniper	junos	21.1:r2-s2
juniper	junos	21.1:r3
juniper	junos	21.1:r3-s1
juniper	junos	21.2
juniper	junos	21.2:r1
juniper	junos	21.2:r1-s1
juniper	junos	21.2:r1-s2
juniper	junos	21.2:r2
juniper	junos	21.2:r2-s1
juniper	junos	21.2:r2-s2
juniper	junos	21.2:r3
juniper	junos	21.3
juniper	junos	21.3:r1
juniper	junos	21.3:r1-s1
juniper	junos	21.3:r1-s2
juniper	junos	21.3:r2
juniper	junos	21.3:r2-s1
juniper	junos	21.3:r2-s2
juniper	junos	21.4
juniper	junos	21.4:r1
juniper	junos	21.4:r1-s1
juniper	junos	21.4:r1-s2
juniper	junos	21.4:r2
juniper	junos	21.4:r2-s1
juniper	junos	21.4:r2-s2
juniper	junos	22.1:r1
juniper	junos	22.1:r1-s1
juniper	junos	22.1:r1-s2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

References

https://kb.juniper.net/JSA69899