Security researchers found several critical vulnerabilities in the J-Web web interface, which is used in Juniper network devices with the JunOS operating system.
The most dangerous of them, CVE-2022-22241, allows an unauthenticated attacker to remotely execute their own code on the system by sending a specially crafted HTTP request.
The flaw is that the /jsdm/ajax/logging_browse.php script processes a user-supplied file path without filtering the prefix that specifies the content type, and it does so before the authentication check is performed.
This allows an attacker to pass a malicious phar file disguised as an image and get the PHP code inside the phar executed through a "phar deserialization" attack (by specifying "filepath=phar:/path/pharfile.jpg" in the request).
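
A defensive check for the request pattern described above, added here as an example and not taken from the original article or from Juniper: it scans web access log lines for requests to /jsdm/ajax/logging_browse.php whose filepath parameter begins with a wrapper prefix such as phar:. The combined log format, the function names and the sample lines are assumptions constructed for illustration, and the check only sees parameters that appear in the logged request line, not ones sent in a request body.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script path named in the article.
TARGET_PATH = "/jsdm/ajax/logging_browse.php"
# A value that starts with "scheme:" selects a PHP stream wrapper, not a plain file.
WRAPPER_RE = re.compile(r"^\s*([a-z][a-z0-9+.\-]*):", re.IGNORECASE)
# Request part of a combined-format access log line (the log format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def wrapper_in_filepath(target):
    """Return the wrapper scheme used in the filepath parameter, or None."""
    parts = urlsplit(target)
    if unquote(parts.path).lower() != TARGET_PATH:
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() != "filepath":
            continue
        # parse_qsl decoded once; decode again to catch double-encoded values.
        match = WRAPPER_RE.match(unquote(value))
        if match:
            return match.group(1).lower()
    return None


def scan(lines):
    """Yield (line_number, scheme) for each log line that matches."""
    for number, line in enumerate(lines, start=1):
        request = REQUEST_RE.search(line)
        if request:
            scheme = wrapper_in_filepath(request.group("target"))
            if scheme:
                yield number, scheme


# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2022:10:00:01 +0000] "GET /jsdm/ajax/logging_browse.php?filepath=/var/log/messages HTTP/1.1" 200 512',
    '192.0.2.66 - - [01/Nov/2022:10:00:07 +0000] "GET /jsdm/ajax/logging_browse.php?filepath=phar:/path/pharfile.jpg HTTP/1.1" 200 0',
    '192.0.2.66 - - [01/Nov/2022:10:00:09 +0000] "GET /jsdm/ajax/logging_browse.php?filepath=PHAR%3A/path/pharfile.jpg HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Nov/2022:10:00:12 +0000] "GET /index.php?filepath=phar:/path/pharfile.jpg HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, scheme in scan(SAMPLE_LOG):
        print(f"line {number}: filepath uses the '{scheme}:' wrapper")
```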