Strix
26.1K

CVE-2022-22152

MEDIUMCVSS 6.5/10EPSS 0.78%

Last modified

CVE-2022-22152 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on another tenant's firewall configuration and access control policies, as well as other sensitive information, exposing the tenant to reduced defense against malicious attacks or exploitation via additional undetermined vulnerabilities. EPSS estimates a 0.78% chance of exploitation in the next 30 days.

Description

A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on another tenant's firewall configuration and access control policies, as well as other sensitive information, exposing the tenant to reduced defense against malicious attacks or exploitation via additional undetermined vulnerabilities. This issue affects Juniper Networks Contrail Service Orchestration versions prior to 6.1.0 Patch 3.

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
0.78%

51.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
JuniperContrail Service Orchestration<= 6.0.0
JuniperContrail Service Orchestration6.1.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-22152?
A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on another tenant's firewall configuration and access control policies, as well as other sensitive information, exposing the tenant to reduced defense against malicious attacks or exploitation via additional undetermined vulnerabilities. This issue affects Juniper Networks Contrail Service Orchestration versions prior to 6.1.0 Patch 3.
How severe is CVE-2022-22152?
CVE-2022-22152 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.78% probability of exploitation in the next 30 days.
How do I fix CVE-2022-22152?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-22152?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST