Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
attackerkbAttackerKBAKB:12906C1E-F514-4EB9-8C2A-50EA3A2D0F75
HistoryAug 17, 2023 - 12:00 a.m.

CVE-2023-36846

2023-08-1700:00:00
attackerkb.com
13
juniper networks
junos os
srx series
vulnerability
authentication
j-web
file system integrity

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

7.3

Confidence

Low

EPSS

0.008

Percentile

82.2%

JSON

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request to user.php that doesn’t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of

integrity

for a certain

part of the file system, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on SRX Series:

  • All versions prior to 20.4R3-S8;

  • 21.1 versions 21.1R1 and later;

  • 21.2 versions prior to 21.2R3-S6;

  • 21.3 versions

prior to

21.3R3-S5;

  • 21.4 versions

prior to

21.4R3-S5;

  • 22.1 versions

prior to

22.1R3-S3;

  • 22.2 versions

prior to

22.2R3-S2;

  • 22.3 versions

prior to

22.3R2-S2, 22.3R3;

  • 22.4 versions

prior to

22.4R2-S1, 22.4R3.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

Related

cisa_kev 1
cve 1
cvelist 1
nvd 1
prion 1
attackerkb 1
rapid7blog 1
thn 5
nuclei 1
nessus 1
cisa_kev
cisa_kev
Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
2023-11-13 00:00:00
cve
cve
CVE-2023-36846
2023-08-17 20:15:10
cvelist
cvelist
CVE-2023-36846 Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files
2023-08-17 19:18:00
nvd
nvd
CVE-2023-36846
2023-08-17 20:15:10
prion
prion
Authentication flaw
2023-08-17 20:15:00
attackerkb
attackerkb
CVE-2023-36844
2023-08-17 00:00:00
rapid7blog
rapid7blog
Exploitation of Juniper Networks SRX Series and EX Series Devices
2023-08-31 20:23:59
thn
thn
New Juniper Junos OS Flaws Expose Devices to Remote Attacks - Patch Now
2023-08-19 07:38:00
Nearly 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability
2023-09-19 09:30:00
Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws
2024-01-30 05:01:00
nuclei
nuclei
Juniper Devices - Remote Code Execution
2023-08-26 07:36:41
nessus
nessus
Juniper Junos OS Pre-Auth RCE (JSA72300)
2023-08-25 00:00:00

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

7.3

Confidence

Low

EPSS

0.008

Percentile

82.2%

JSON
Related for AKB:12906C1E-F514-4EB9-8C2A-50EA3A2D0F75
cisa_kev1cve1cvelist1nvd1prion1attackerkb1rapid7blog1thn5nuclei1nessus1