Juniper Networks Security Updates – 13 October 2022

Juniper Networks has released multiple security updates to address many vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of the affected system and cause a denial of service.

The most severe of the addressed vulnerabilities could allow a remote authenticated attacker with ‘WRITE’ permissions to store one or more malicious scripts that will infect any other authorized user’s account when they trigger the malicious script while managing the device.

Samples of the addressed vulnerabilities:

  1. Juniper Networks Paragon Active Assurance Cross-site Scripting Vulnerability (CVE-2022-22229):
    • CVSS: 8.4
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: Required
    • Consequences: Cross-Site Scripting
  2. Junos OS Privilege Escalation Vulnerability (CVE-2022-22239):
    • CVSS: 8.2
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: Required
    • Consequences: Escalate Privilege

It should be highlighted that Juniper's security advisory also addresses critical vulnerabilities in Nginx, OpenSSL, Apache Log4j2, and other libraries embedded in Juniper’s products. For more information, see the link below:

Juniper Networks “Critical Libraries Vulnerabilities”

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Juniper Support Portal
