CVE-2022-22187

{"id": "CVE-2022-22187", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-04-14T16:15:08.047", "references": [{"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0029/MNDT-2022-0029.md", "tags": ["Third Party Advisory"], "source": "sirt@juniper.net"}, {"url": "https://kb.juniper.net/JSA69495", "tags": ["Permissions Required", "Vendor Advisory"], "source": "sirt@juniper.net"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. Running a repair operation, in turn, will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files. An attacker may be able to provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation. This issue affects Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0."}, {"lang": "es", "value": "Una vulnerabilidad de Administraci\u00f3n de Privilegios Inapropiada en el marco del instalador de Windows usado en Juniper Networks Juniper Identity Management Service (JIMS) permite a un usuario no privilegiado desencadenar una operaci\u00f3n de reparaci\u00f3n. La ejecuci\u00f3n de una operaci\u00f3n de reparaci\u00f3n, a su vez, desencadenar\u00e1 una serie de operaciones de archivo en la carpeta %TEMP% del usuario que desencadena la reparaci\u00f3n. Algunas de estas operaciones se llevar\u00e1n a cabo desde un contexto SYSTEM (iniciado por medio del servicio Windows Installer), incluyendo la ejecuci\u00f3n de archivos temporales. Un atacante puede ser capaz de proporcionar binarios maliciosos al Instalador de Windows, que ser\u00e1n ejecutados con altos privilegios, lo que conlleva a una escalada de privilegios local. Este problema afecta a Juniper Networks Juniper Identity Management Service (JIMS) versiones anteriores a 1.4.0"}], "lastModified": "2023-01-31T18:04:38.760", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:juniper:identity_management_service:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "E94DB0A1-81AE-4292-875B-8DF8758AC7BF", "versionEndExcluding": "1.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@juniper.net"}