Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cisa_kevCISACISA-KEV-CVE-2023-36846
HistoryNov 13, 2023 - 12:00 a.m.

Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability

2023-11-1300:00:00
CISA
www.cisa.gov
5
juniper junos os
srx series
missing authentication
critical function vulnerability
network-based attacker
file system integrity
arbitrary files
j-web
vulnerabilities

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

7.8

Confidence

Low

EPSS

0.008

Percentile

82.2%

JSON

Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn’t require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.

Related

cve 1
cvelist 1
prion 1
nvd 1
attackerkb 2
thn 5
nuclei 1
rapid7blog 1
nessus 1
cve
cve
CVE-2023-36846
2023-08-17 20:15:10
cvelist
cvelist
CVE-2023-36846 Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files
2023-08-17 19:18:00
prion
prion
Authentication flaw
2023-08-17 20:15:00
nvd
nvd
CVE-2023-36846
2023-08-17 20:15:10
attackerkb
attackerkb
CVE-2023-36846
2023-08-17 00:00:00
CVE-2023-36844
2023-08-17 00:00:00
thn
thn
New Juniper Junos OS Flaws Expose Devices to Remote Attacks - Patch Now
2023-08-19 07:38:00
Nearly 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability
2023-09-19 09:30:00
CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17
2023-11-14 06:03:00
nuclei
nuclei
Juniper Devices - Remote Code Execution
2023-08-26 07:36:41
rapid7blog
rapid7blog
Exploitation of Juniper Networks SRX Series and EX Series Devices
2023-08-31 20:23:59
nessus
nessus
Juniper Junos OS Pre-Auth RCE (JSA72300)
2023-08-25 00:00:00

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

7.8

Confidence

Low

EPSS

0.008

Percentile

82.2%

JSON
Related for CISA-KEV-CVE-2023-36846
cve1cvelist1prion1nvd1attackerkb2thn5nuclei1rapid7blog1nessus1