New Cyber Defense Brand DeepSeas to Unite Newly Acquired Commercial Managed Threat Services Business from Booz Allen Hamilton with Security On-Demand. Learn More

October 31, 2022

High-Severity Flaws in Juniper Junos OS

Peter Bybee

(CVE-2022-22241, CVE-2022-22242, CVE-2022-22243, CVE-2022-22244, CVE-2022-22245, CVE-2022-22246)

Event Summary

Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices (J-Web component of Juniper Networks Junos OS), some of which could be exploited to achieve code execution. Users of Juniper Networks firewalls, routers, and switches are recommended to apply the latest software patch available for Junos OS to mitigate threats.

Details

Product Affected

Vulnerable Version

CVE-CVSS Associated

Risk / Details for vulnerability

Recommendations

JunOS

(J-Web Component)

All versions of Junos OS

CVE-2022-22241 CVE-2022-22242 CVE-2022-22243

CVE-2022-22244 CVE-2022-22245 CVE-2022-22246

High – Arbitrary code execution, local file inclusion, cross-site scripting attacks, path injection and traversal

Update systems with latest security patches.

Workaround: Disable J-Web, or limit access to only trusted hosts

SOD Actions

Security On-Demand recommends updating all Juniper devices to the latest OS versions, as stated by Juniper as well. The software releases that have been updated to resolve these specific issues are: Junos OS 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R3-S9, 20.1R3-S5, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases. Is upgrading is not an option, Juniper also recommends disabling the J-Web console, or limiting access to these devices from only trusted hosts.

SOD Threat Recon Unit will also keep track of any exploitation tool or PoC (Proof of Concept) that could leverage the usage of these vulnerabilities to exploit systems actively. Information about new IoCs and IoAs will be included proactively as part of the monitoring mechanism included on Threat Watch on their multiple service tiers.

Please contact your Security On-Demand Customer Success Manager if you have any questions about this alert.

Additional Resources

https://thehackernews.com/2022/10/high-severity-flaws-in-juniper-junos-os.html
https://kb.juniper.net/JSA69899
https://nvd.nist.gov/vuln/detail/CVE-2022-22241
https://nvd.nist.gov/vuln/detail/CVE-2022-22242
https://nvd.nist.gov/vuln/detail/CVE-2022-22243
https://nvd.nist.gov/vuln/detail/CVE-2022-22245
https://nvd.nist.gov/vuln/detail/CVE-2022-22246

SERVICES

ABOUT

SIGN-UP FOR FREE THREAT FLASH ALERTS

img.wp-smiley,img.emoji{display:inline !important;border:none !important;box-shadow:none !important;height:1em !important;width:1em !important;margin:0 .07em !important;vertical-align:-.1em !important;background:none !important;padding:0 !important;}#rs-demo-id{}body a{color:#333;font-family:"Droid sans";}body a:hover{color:#0897a5;}.rightsidegd .vc_gitem-post-data-source-post_date,.leftsidegd .vc_gitem-post-data-source-post_date{color:#ee2e24;margin-bottom:5px;font-size:14px;}.rightsidegd .vc_gitem_row .vc_gitem-col{padding:0;padding-bottom:10px;}.rightsidegd .vc_gitem-post-data-source-post_title,.leftsidegd .vc_gitem-post-data-source-post_title{color:#444;font-weight:600;}#mk-ornamental-title-4 h2.title,#mk-ornamental-title-5 h2.title{font-size:22px;}.sideform #gform_wrapper_10 label{display:none;}.sideform #input_10_2,.sideform #input_10_3{width:100%;}.vc_btn3.vc_btn3-color-juicy-pink,.vc_btn3.vc_btn3-color-juicy-pink.vc_btn3-style-flat{background-color:#eb312e !important;}@media only screen and (min-width:767px){.casest .mk-text-block{min-height:190px;}.whitepap .content-box-heading{min-height:78px;}.whitepap .mk-text-block{min-height:250px;}.servpage .content-box-heading{min-height:78px;}.servpage .mk-text-block{min-height:280px;}.casetabs .mk-text-block.padcnt{min-height:160px;}.mk-text-block.padcnt.actionbut{min-height:inherit !important;}.whtpapers .mk-text-block.padcnt{min-height:190px;}.whtpapers h2{min-height:80px;}.servbrif .mk-text-block.padcnt{min-height:240px;}.servbrif h2{min-height:60px;}.midlevelleft{left:-34px;}.midlevelright{right:-34px;}.threeeqlcolmn .vc_col-sm-4{width:31.33333333%;margin:0 1%;}}.smpleclue .vc_column-inner > .wpb_wrapper{box-shadow:0px 1px 3px #ccc;margin-bottom:30px;}.smpleclue .vc_column-inner .wpb_wrapper .wpb_single_image{border-bottom:6px solid red;}.smpleclue .vc_column-inner > .wpb_wrapper:hover,.leftsidegd .vc_grid-item.vc_col-sm-4 > .vc_grid-item-mini:hover,.smpleclue .vc_column-inner > a:hover + .wpb_wrapper{transform:translate(0,-2px);box-shadow:0 5px 10px rgba(0,0,0,.2),0 10px 20px rgba(0,0,0,.2);}.padcnt{padding:5px 15px;}.actionbut{text-align:right !important;}.call-act-but .left-tim .mk-button-container{text-align:right;}.call-act-but .rght-tim .mk-button-container{text-align:left;}.call-act-but{padding:50px 0px 30px;}#mk-button-18 .mk-button,#mk-button-20 .mk-button,#mk-button-29 .mk-button{text-transform:uppercase !important;}.mk-button--dimension-flat.text-color-dark{color:#0897a5;}.milestone-top span{color:#0897a5 !important;}#threebx .box-detail-wrapper{text-align:left;}.wtwp-testimonials-slider-wrp .slick-slider{background:transparent;}.wtwp-testimonials-slider-wrp h4{display:none;}.wptww-testimonials-slidelist.design-1 .fa-quote-left,.wptww-testimonials-list.design-1 .fa-quote-left,.wptww-testimonials-slide-widget.design-1 .fa-quote-left{color:#ee2e24;}.clientfeed{padding:80px 60px 30px;box-shadow:0px 0px 5px #bbb;border-radius:10px;}.wptww-testimonials-text p{font-size:18px !important;line-height:35px;padding:20px;}.wptww-quote{outline:none !important;}.wptww-testimonial-client{font-size:25px;text-transform:uppercase;padding:6px;}.sixboxlet .mk-box-icon.boxed-style .mk-main-ico .mk-svg-icon{width:50px !important;height:50px !important;}.sixboxlet .mk-box-icon.boxed-style .icon-box-boxed.left{margin-left:0;padding:30px 30px 30px 100px;background:none;border:none;box-shadow:6px 5px 30px 0px rgba(0,0,0,.12);}.sixboxlet .mk-box-icon.boxed-style .icon-box-boxed.left .mk-main-ico{left:15px;}.sixboxlet .mk-box-icon.boxed-style h4{margin-bottom:15px;font-size:22px !important;font-weight:600 !important;}.leftclmns,.rightclmns{padding:100px 60px;}.eq-level-box{overflow:inherit !important;}.leftclmns{border-top-right-radius:10px;}.rightclmns{background:#666;top:40px;border-bottom-left-radius:10px;padding-left:100px;}.leftclmns ul li,.rightclmns ul li{line-height:38px !important;color:#fff;}.rightclmns ul li{line-height:38px !important;color:#fff;}.rightclmns ul li .mk-svg-icon,.leftclmns ul li .mk-svg-icon{top:10px;}.home .mk-edge-custom-content h1 span strong{color:#fff !important;}.lr-column .vc_col-sm-6{padding:40px;}.vc_icon_element.vc_icon_element-outer .vc_icon_element-inner.vc_icon_element-size-xl .vc_icon_element-icon{font-size:12em !important;}.lr-column .vc_col-sm-6 .icon1-level{padding-top:28%;}.lr-column .vc_col-sm-6 .icon2-level{padding-top:22%;}.lr-column .vc_col-sm-6 .icon3-level{padding-top:32%;}.mk-process-steps ul li h3{font-size:20px !important;}.mk-process-steps.process-steps-3 .mk-process-icon svg{height:40px;}.mk-process-steps.process-steps-3 .mk-process-icon{width:100px;height:100px;}.mk-process-steps.process-steps-3 ul:before{top:60px;}.mk-process-steps ul:before{left:160px;width:70%;}#text-block-10{padding-right:40px;}#text-block-10 p{line-height:35px;font-size:16px;letter-spacing:1px;}.vc_icon_element.vc_icon_element-outer .vc_icon_element-inner.vc_icon_element-color-peacoc .vc_icon_element-icon{color:#0897a5;}.page-id-7769 .vc-hoverbox-block{background-image:none !important;}.page-id-7769 .vc-hoverbox-block.nitro-lazy{background-image:none !important;}.single-private-page .blog-single-title{display:inline-block;}.single-private-page #mk-page-introduce{display:none;}.single-private-page .fitpage{margin:0px;}.colorwht,.colorwht p{color:#fff;font-size:18pt;}.listsec-cnt h3{text-transform:capitalize !important;}.boxx-stlye .aio-icon-component.style_3{min-height:120px;border:1px solid #0897a5;}.boxx-stlye .aio-icon-component.style_3:hover{background:#0897a5;}.boxx-stlye .aio-icon-component.style_3:hover h3{color:#fff;}.boxericon .aio-icon-component.style_1{border:1px solid;padding:25px 15px;min-height:80px;}.master-holder .listboxro h3{font-size:24px;font-weight:bold;margin-bottom:20px;}.master-holder .listboxro2 h3{font-size:25px;font-weight:bold;}.threeclmn .aio-icon-component.style_1{padding:30px;box-shadow:0px 0px 14px #ccc;border-radius:30px;}.threeclmn .align-icon,.threeclmn .aio-icon-header,.threeclmn .aio-icon-description{text-align:left !important;}#text-block-16 h3{font-weight:bold;font-size:22px;}.boxx-stlye .aio-icon-component.style_3 h3{font-weight:bold;}.threeclmn2 .aio-icon-component.style_1{padding:18px;box-shadow:0px 0px 14px #ccc;border-radius:30px;}.threeclmn2 h3{text-transform:capitalize !important;line-height:23px !important;font-size:16px !important;}.liststyleicon ul li{line-height:35px;list-style:none;padding-left:30px;margin:0;}.liststyleicon ul li{padding:0px;margin:0px;}.liststyleicon ul li:before{content:"";height:4px;width:13px;background:#0897a5;display:block;position:relative;left:-25px;top:20px;}.shd-left{box-shadow:0px 3px 30px #ddd;border-top-left-radius:15px;border-bottom-left-radius:15px;}.shd-right{box-shadow:0px 3px 30px #ddd;border-top-right-radius:15px;border-bottom-right-radius:15px;}.shd-left p,.shd-right p{font-size:16px !important;}.dce-post-date{position:absolute;top:-220px;word-wrap:anywhere;text-align:center !important;background:#fff;left:15px;padding:8px 27px !important;border-radius:8px;}.dce-post-date span{display:block;color:#1a97a4;}.brandlogo a{display:inline-block;padding:0 5px 0 0;border-radius:5px;}.brandlogo a img{border-radius:5px;}.bdt-content p{font-size:14px;color:#fff;line-height:20px;margin:0;}.single-news .mk-main-wrapper{max-width:980px;}.layoutblg .bdt-list .bdt-post-block-item{visibility:visible !important;}.postnav-sec .navplus.activenav{background:#fff;}.postnav-sec .navplus.activenav a{color:#5472d2;display:block;padding:17px;width:100%;}.postnav-sec .navplus.activenav:hover{background:#dcdcdc;}.postnav-sec .navplus{background:#ebebeb;}.postnav-sec .navplus a{color:#666;display:block;padding:17px;width:100%;}.postnav-sec .navplus:hover{background:#dcdcdc;}.sl-post{margin-bottom:0px !important;}.elementor-pagination{text-align:center;margin-top:25px;}.g-form-side .gfield_label,.elementor-nav-menu .sub-arrow{display:none !important;}.g-form-side .gform_wrapper .top_label input.medium,.g-form-side #gform_submit_button_10{width:100%;}.cntcont .cnt-add strong{color:#333;}.cnt-add{font-size:16px;}.bdt-gravity-forms #input_2_8 li{display:inline-block;margin-right:15px;}.bdt-gravity-forms #input_2_8 li input{margin-top:0px;}.bdt-gravity-forms textarea{height:70px !important;}.bannerfrm input{height:40px;}.bannerfrm input[type="submit"]{padding:18px 50px;height:auto;}.ctainfo{font-size:25px !important;margin:0;padding:20px 0;font-weight:bold !important;}.iconbackgd .elementor-icon-list-icon{background:#fff;padding:18px;text-align:center;}.upiconstar .bdt-advanced-icon-box-icon{margin-bottom:0px !important;margin-top:-24px;position:relative;top:10px;}textarea,input[type=text],input[type=tel],input[type=email],input[type=url],input[type=password],input[type=search],select{color:#767676;background-color:#fdfdfd;border:1px solid #e3e3e3;outline:none;margin-bottom:4px;}.bdt-gravity-forms input[type="submit"]{background:#0897a5;color:#fff;font-family:"Droid sans";font-weight:700;text-transform:uppercase;letter-spacing:1px;border:0;padding:8px 24px;}.bdt-gravity-forms input[type="submit"]:hover{background:#000 !important;}.one-circle a{color:#fff !important;}.boldfont{font-weight:bold !important;}.leftcontent1 h2{font-size:30px !important;text-transform:uppercase !important;font-weight:bold !important;padding:50px 50px 0px !important;}.leftcontent1 h2:after{content:"";display:block;height:2px;width:100px;background:#ee2e24;margin-top:25px;}.textsecut{padding:25px 50px;}.leftcontent1 .aio-icon-header h3.aio-icon-title{width:70%;margin:10px auto;line-height:27px;color:#fff;}.rightcontent1 .wpb_single_image{margin-bottom:0;}.rightbdr{border-right:1px solid #f9f9f9;}.baselevel1{padding:35px 0 0px;}.baselevel1 .aio-icon-component > a:hover .aio-icon i,.baselevel1 .aio-icon-component > a:hover .aio-icon-header h3{color:#0897a5 !important;}.homeColumn2 h2{padding:15px;}h1.bannerwedge{font-weight:600 !important;}.context1 p{font-size:17pt;}.nwflipfx .ifb-face.ifb-front h3{font-size:80px !important;padding:50px;color:#fff !important;}.nwflipfx .ifb-face.ifb-front{background:#0897a5 !important;}.nwflipfx .ifb-face.ifb-back{color:#fff !important;background:#ee2e24 !important;}.nwflipfx .ifb-face.ifb-back p{color:#fff !important;font-size:18pt !important;line-height:40px !important;}.elementor-blockquote--skin-quotation .elementor-blockquote:before{position:initial;background:none;}.one-circle{width:500px;position:relative;margin:0 auto;}.mid-center{position:absolute;width:190px;height:185px;padding:60px 48px;text-align:center;background:#000;left:0;right:0;top:50%;transform:translateY(-50%);margin:0 auto;color:#fff;border-radius:50%;line-height:22px;font-size:16px;}.top-left,.top-right,.bottom-left,.bottom-right{width:250px;display:table-cell;height:248px;padding:70px;vertical-align:middle;text-align:center;border:.5px solid #fff;font-size:16px;}.top-left{background:#002060;color:#fff;border-radius:235px 0px 0px 0px;}.top-right{background:#027434;color:#fff;border-radius:0px 235px 0px 0px;}.bottom-left{background:#991649;color:#fff;border-radius:0px 0px 0px 235px;}.bottom-right{background:#ffbf00;color:#fff;border-radius:0px 0px 235px 0px;}.top-left:hover,.top-right:hover,.bottom-left:hover,.bottom-right:hover{background:#000;}.triconsection .elementor-widget-image-box:hover .elementor-widget-container .elementor-image-box-description{color:#000;}html{overflow-x:hidden;}.allhead{width:150px;height:150px;background:#ccc;border-radius:50%;padding:30px;text-align:center;vertical-align:middle;display:table-cell;position:absolute;font-size:14px;}.allhead.active{box-shadow:0px 1px 10px #666;}.allhead:hover{background:#f80f0f;}.allhead p{position:relative;font-size:14px;display:table-cell;height:100px;width:100px;vertical-align:middle;color:#fff;padding:0;top:-6px;}.fullbox{width:550px;height:550px;text-align:center;position:relative;}.c-top-area{margin:0 auto;position:absolute;top:0;left:0;right:0;background:#035154;color:#fff;}.c-top-area:after{content:"";height:35px;width:4px;display:block;position:absolute;background:#999;text-align:center;margin:0 auto;bottom:-42px;left:0;right:0;}.c-center-area{margin:0 auto;position:absolute;top:50%;left:0;right:0;-ms-transform:translateY(-50%);transform:translateY(-50%);background:#000;color:#fff;}.c-bottom-area{margin:0 auto;position:absolute;bottom:0;left:0;right:0;background:#00a0af;color:#fff;}.c-bottom-area:after{content:"";height:35px;width:4px;display:block;background:#999;text-align:center;margin:0 auto;top:-42px;position:absolute;left:0;right:0;}.c-left-area{position:absolute;top:50%;left:0;-ms-transform:translateY(-50%);transform:translateY(-50%);background:#999;color:#fff;}.c-left-area:after{content:"";height:4px;width:35px;display:block;background:#999;text-align:center;margin:0 auto;right:-42px;top:50%;position:absolute;-ms-transform:translateY(-50%);transform:translateY(-50%);}.c-right-area{color:#fff;position:absolute;top:50%;right:0;-ms-transform:translateY(-50%);transform:translateY(-50%);background:green;}.c-right-area:after{content:"";height:4px;width:35px;display:block;background:#999;text-align:center;margin:0 auto;top:50%;position:absolute;-ms-transform:translateY(-50%);transform:translateY(-50%);left:-42px;}.contentlevel{display:none;}.contentlevel.active{display:block;}.circle-content{padding:30px;}

High-Severity Flaws in Juniper Junos OS

Peter Bybee

(CVE-2022-22241, CVE-2022-22242, CVE-2022-22243, CVE-2022-22244, CVE-2022-22245, CVE-2022-22246)

Event Summary

Details

SOD Actions

Additional Resources

RECOMMENDED POSTS

The Confusion Between Attack Surface Reduction and Vulnerability Management

Security Operations Expert: Meet Dorian James, DeepSeas

Meet Our Deep: Richard Waller, DeepSeas Cyber Security Account Executive

SERVICES

ABOUT

SIGN-UP FOR FREE THREAT FLASH ALERTS

FOLLOW US