AttackerKBAKB:55C79F4C-C2CC-4810-8627-67A145A93DF5CVE-2023-36851
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.7 Medium
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.9%
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
With a specific request to
webauth_operation.php
that doesnβt require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of
integrity or confidentiality, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on SRX Series:
21.2 versions prior to 21.2R3-S8;
- 21.4
versions prior to
21.4R3-S6;
- 22.1
versions prior to
22.1R3-S5;
- 22.2
versions prior to
22.2R3-S3;
- 22.3
versions prior to
22.3R3-S2;
-
22.4 versions prior to 22,4R2-S2, 22.4R3;
-
23.2 versions prior to
23.2R1-S2, 23.2R2.
Recent assessments:
Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.7 Medium
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.9%