{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T10:10:25.815","vulnerabilities":[{"cve":{"id":"CVE-2022-22189","sourceIdentifier":"sirt@juniper.net","published":"2022-04-14T16:15:08.167","lastModified":"2024-11-21T06:46:21.270","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premises versions prior to 6.0.0."},{"lang":"es","value":"Una vulnerabilidad de Asignación de Propiedad Incorrecta en Juniper Networks Contrail Service Orchestration (CSO) permite que un usuario autenticado localmente tenga sus permisos elevados sin autenticación, tomando así el control del sistema local en el que está autenticado. Este problema afecta a: Juniper Networks Contrail Service Orchestration versiones  6.0.0 anteriores a 6.0.0 Patch v3 en instalaciones locales. Este problema no afecta a las versiones locales de Juniper Networks Contrail Service Orchestration anteriores a 6.0.0"}],"metrics":{"cvssMetricV31":[{"source":"sirt@juniper.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"sirt@juniper.net","type":"Secondary","description":[{"lang":"en","value":"CWE-288"},{"lang":"en","value":"CWE-708"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:juniper:contrail_service_orchestration:6.0.0:-:*:*:*:*:*:*","matchCriteriaId":"EA7E76A4-E725-4297-AC19-2993FCE07B73"},{"vulnerable":true,"criteria":"cpe:2.3:a:juniper:contrail_service_orchestration:6.0.0:patch1:*:*:*:*:*:*","matchCriteriaId":"F2777241-F7D0-42EF-99BD-9BEC5D84A406"},{"vulnerable":true,"criteria":"cpe:2.3:a:juniper:contrail_service_orchestration:6.0.0:patch2:*:*:*:*:*:*","matchCriteriaId":"99BBB456-0F5E-4472-8C43-343C2BC64466"}]}]}],"references":[{"url":"https://kb.juniper.net/JSA69498","source":"sirt@juniper.net","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://kb.juniper.net/JSA69498","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Vendor Advisory"]}]}}]}