Skip to main content

Authentication Bypass Using an Alternate Path or Channel

CVE-2022-22189

Severity High
Score 7.3/10

Summary

An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premises versions prior to 6.0.0.

  • LOW
  • LOCAL
  • HIGH
  • UNCHANGED
  • REQUIRED
  • LOW
  • HIGH
  • HIGH

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References

Advisory Timeline

  • Published