VYPR
Unrated severityNVD Advisory· Published Oct 18, 2022· Updated May 8, 2025

cSRX Series: Storing Passwords in a Recoverable Format and software permissions issues allows a local attacker to elevate privileges

CVE-2022-22251

Description

On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to take control of any instance of a cSRX software deployment. This issue affects Juniper Networks Junos OS 20.2 version 20.2R1 and later versions prior to 21.2R1 on cSRX Series.

Affected products

2
  • Juniper Networks/Junosllm-fuzzy2 versions
    >=20.2R1, <21.2R1+ 1 more
    • (no CPE)range: >=20.2R1, <21.2R1
    • (no CPE)range: 20.2R1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.