Cyber Resilience

CVE-2022-22156

MediumPublic PoC

Published: 19 January 2022

Published
19 January 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
EPSS Score 0.0012 29.9th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-22156 is a medium-severity Improper Certificate Validation (CWE-295) vulnerability in Juniper Junos. Its CVSS base score is 6.5 (Medium).

Operationally, ranked at the 29.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle (PitM) attacks when a system script is fetched from a remote source at a specified HTTPS URL, which may compromise the integrity and…

more

confidentiality of the device. The following command can be executed by an administrator via the CLI to refresh a script from a remote location, which is affected from this vulnerability: >request system scripts refresh-from (commit | event | extension-service | op | snmp) file filename url <https-url> This issue affects: Juniper Networks Junos OS All versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2; 21.1 versions prior to 21.1R1-S1, 21.1R2.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

juniper
junos
18.4, 19.1, 19.2, 19.3, 19.4 · ≤ 18.3

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-358

Assessments identify and document improperly implemented security checks, allowing fixes that reduce exploitation of flawed checks.

addresses: CWE-300

Ensures only authenticated endpoints can access the communication channel, blocking unauthorized non-endpoint access.

addresses: CWE-300

Physically restricts transmission channels so they cannot be accessed or tapped by non-endpoint actors within facilities.

addresses: CWE-300

Periodic TSCM surveys identify unauthorized access points or taps that make communication channels reachable by non-endpoint adversaries.

addresses: CWE-295

When certificates are used to establish component provenance, the control requires correct certificate validation procedures.

addresses: CWE-300

Explicitly isolates the communications path so it cannot be accessed or intercepted by non-endpoint entities during security functions.

addresses: CWE-295

Mandates approved trust anchors and issuance policies, directly preventing acceptance of unvalidated or untrusted certificates.

addresses: CWE-300

Restrictions and channel controls reduce the chance that VoIP media or signaling streams remain accessible to non-participants.

References