CVE-2022-22251 HIGH

CVE-2022-22251: cSRX Series: Storing Passwords in a Recoverable Format and software permissions issues allows a local attacker to elevate privileges

Vendor Juniper Networks
Product Junos OS
Weakness CWE-257
Published October 18, 2022
Last update May 8, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

On cSRX Series devices, software permission issues in the container filesystem and stored files, combined with storing passwords in a recoverable format in Juniper Networks Junos OS, allow a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series.

Key dates

02 Disclosure timeline

October 18, 2022 CVE published
May 8, 2025 Record updated