CVE-2022-22189
HIGHJuniper Networks CSO <6.0.0 Patch v3 - Privilege Escalation
Title source: llmDescription
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premises versions prior to 6.0.0.
References (1)
Core 1
Core References
Permissions Required, Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA69498
Scores
CVSS v3
7.3
EPSS
0.0003
EPSS Percentile
8.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-288
CWE-708
Status
published
Products (1)
juniper/contrail_service_orchestration
6.0.0 (3 CPE variants)
Published
Apr 14, 2022
Tracked Since
Feb 18, 2026