Lucene search

K
attackerkbAttackerKBAKB:05D08303-C1F5-441D-AD39-D3DA360AC970
HistoryAug 17, 2023 - 12:00 a.m.

CVE-2023-36847

2023-08-1700:00:00
attackerkb.com
12
juniper networks junos os
missing authentication
critical function vulnerability
ex series
arbitrary files
network-based attacker
file system integrity

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

9.8

Confidence

High

EPSS

0.009

Percentile

82.4%

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request to installAppPackage.php that doesn’t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of

integrity

for a certain

part of the file system, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on EX Series:

  • All versions prior to 20.4R3-S8;

  • 21.1 versions 21.1R1 and later;

  • 21.2 versions prior to 21.2R3-S6;

  • 21.3 versions

prior to

21.3R3-S5;

  • 21.4 versions

prior to

21.4R3-S4;

  • 22.1 versions

prior to

22.1R3-S3;

  • 22.2 versions

prior to

22.2R3-S1;

  • 22.3 versions

prior to

22.3R2-S2, 22.3R3;

  • 22.4 versions

prior to

22.4R2-S1, 22.4R3.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

9.8

Confidence

High

EPSS

0.009

Percentile

82.4%

Related for AKB:05D08303-C1F5-441D-AD39-D3DA360AC970