Lucene search

K
attackerkbAttackerKBAKB:12906C1E-F514-4EB9-8C2A-50EA3A2D0F75
HistoryAug 17, 2023 - 12:00 a.m.

CVE-2023-36846

2023-08-1700:00:00
attackerkb.com
9
juniper networks
junos os
srx series
vulnerability
authentication
j-web
file system integrity

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7.3 High

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.5%

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request to user.php that doesn’t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of

integrity

for a certain

part of the file system, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on SRX Series:

  • All versions prior to 20.4R3-S8;

  • 21.1 versions 21.1R1 and later;

  • 21.2 versions prior to 21.2R3-S6;

  • 21.3 versions

prior to

21.3R3-S5;

  • 21.4 versions

prior to

21.4R3-S5;

  • 22.1 versions

prior to

22.1R3-S3;

  • 22.2 versions

prior to

22.2R3-S2;

  • 22.3 versions

prior to

22.3R2-S2, 22.3R3;

  • 22.4 versions

prior to

22.4R2-S1, 22.4R3.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

7.3 High

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.5%

Related for AKB:12906C1E-F514-4EB9-8C2A-50EA3A2D0F75