Lucene search

K
cve[email protected]CVE-2023-36846
HistoryAug 17, 2023 - 8:15 p.m.

CVE-2023-36846

2023-08-1720:15:10
CWE-306
web.nvd.nist.gov
183
In Wild
5
cve-2023-36846
juniper networks
junos os
srx series
missing authentication
unauthenticated
network-based attacker
file system integrity
arbitrary files
j-web
vulnerability
nvd

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6

Confidence

High

EPSS

0.009

Percentile

82.4%

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request to user.php that doesn’t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of

integrity

for a certain

part of the file system, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on SRX Series:

  • All versions prior to 20.4R3-S8;
  • 21.1 versions 21.1R1 and later;
  • 21.2 versions prior to 21.2R3-S6;
  • 21.3 versions

prior to

21.3R3-S5;

  • 21.4 versions

prior to

21.4R3-S5;

  • 22.1 versions

prior to

22.1R3-S3;

  • 22.2 versions

prior to

22.2R3-S2;

  • 22.3 versions

prior to

22.3R2-S2, 22.3R3;

  • 22.4 versions

prior to

22.4R2-S1, 22.4R3.

Affected configurations

NVD
Node
junipersrx100Match-
OR
junipersrx110Match-
OR
junipersrx1400Match-
OR
junipersrx1500Match-
OR
junipersrx210Match-
OR
junipersrx220Match-
OR
junipersrx240Match-
OR
junipersrx240h2Match-
OR
junipersrx240mMatch-
OR
junipersrx300Match-
OR
junipersrx320Match-
OR
junipersrx340Match-
OR
junipersrx3400Match-
OR
junipersrx345Match-
OR
junipersrx3600Match-
OR
junipersrx380Match-
OR
junipersrx4000Match-
OR
junipersrx4100Match-
OR
junipersrx4200Match-
OR
junipersrx4600Match-
OR
junipersrx5000Match-
OR
junipersrx5400Match-
OR
junipersrx550Match-
OR
junipersrx550_hmMatch-
OR
junipersrx550mMatch-
OR
junipersrx5600Match-
OR
junipersrx5800Match-
OR
junipersrx650Match-
AND
juniperjunosRange<20.4
OR
juniperjunosMatch20.4-
OR
juniperjunosMatch20.4r1
OR
juniperjunosMatch20.4r1-s1
OR
juniperjunosMatch20.4r2
OR
juniperjunosMatch20.4r2-s1
OR
juniperjunosMatch20.4r2-s2
OR
juniperjunosMatch20.4r3
OR
juniperjunosMatch20.4r3-s1
OR
juniperjunosMatch20.4r3-s2
OR
juniperjunosMatch20.4r3-s3
OR
juniperjunosMatch20.4r3-s4
OR
juniperjunosMatch20.4r3-s5
OR
juniperjunosMatch20.4r3-s6
OR
juniperjunosMatch20.4r3-s7
OR
juniperjunosMatch21.1r1
OR
juniperjunosMatch21.1r1-s1
OR
juniperjunosMatch21.1r2
OR
juniperjunosMatch21.1r2-s1
OR
juniperjunosMatch21.1r2-s2
OR
juniperjunosMatch21.1r3
OR
juniperjunosMatch21.1r3-s1
OR
juniperjunosMatch21.1r3-s2
OR
juniperjunosMatch21.1r3-s3
OR
juniperjunosMatch21.1r3-s4
OR
juniperjunosMatch21.1r3-s5
OR
juniperjunosMatch21.2-
OR
juniperjunosMatch21.2r1
OR
juniperjunosMatch21.2r1-s1
OR
juniperjunosMatch21.2r1-s2
OR
juniperjunosMatch21.2r2
OR
juniperjunosMatch21.2r2-s1
OR
juniperjunosMatch21.2r2-s2
OR
juniperjunosMatch21.2r3
OR
juniperjunosMatch21.2r3-s1
OR
juniperjunosMatch21.2r3-s2
OR
juniperjunosMatch21.2r3-s3
OR
juniperjunosMatch21.2r3-s4
OR
juniperjunosMatch21.2r3-s5
OR
juniperjunosMatch21.3-
OR
juniperjunosMatch21.3r1
OR
juniperjunosMatch21.3r1-s1
OR
juniperjunosMatch21.3r1-s2
OR
juniperjunosMatch21.3r2
OR
juniperjunosMatch21.3r2-s1
OR
juniperjunosMatch21.3r2-s2
OR
juniperjunosMatch21.3r3
OR
juniperjunosMatch21.3r3-s1
OR
juniperjunosMatch21.3r3-s2
OR
juniperjunosMatch21.3r3-s3
OR
juniperjunosMatch21.3r3-s4
OR
juniperjunosMatch21.4-
OR
juniperjunosMatch21.4r1
OR
juniperjunosMatch21.4r1-s1
OR
juniperjunosMatch21.4r1-s2
OR
juniperjunosMatch21.4r2
OR
juniperjunosMatch21.4r2-s1
OR
juniperjunosMatch21.4r2-s2
OR
juniperjunosMatch21.4r3
OR
juniperjunosMatch21.4r3-s1
OR
juniperjunosMatch21.4r3-s2
OR
juniperjunosMatch21.4r3-s3
OR
juniperjunosMatch21.4r3-s4
OR
juniperjunosMatch22.1r1
OR
juniperjunosMatch22.1r1-s1
OR
juniperjunosMatch22.1r1-s2
OR
juniperjunosMatch22.1r2
OR
juniperjunosMatch22.1r2-s1
OR
juniperjunosMatch22.1r2-s2
OR
juniperjunosMatch22.1r3
OR
juniperjunosMatch22.1r3-s1
OR
juniperjunosMatch22.1r3-s2
OR
juniperjunosMatch22.2r1
OR
juniperjunosMatch22.2r1-s1
OR
juniperjunosMatch22.2r1-s2
OR
juniperjunosMatch22.2r2
OR
juniperjunosMatch22.2r2-s1
OR
juniperjunosMatch22.2r2-s2
OR
juniperjunosMatch22.2r3
OR
juniperjunosMatch22.2r3-s1
OR
juniperjunosMatch22.3r1
OR
juniperjunosMatch22.3r1-s1
OR
juniperjunosMatch22.3r1-s2
OR
juniperjunosMatch22.3r2
OR
juniperjunosMatch22.3r2-s1
OR
juniperjunosMatch22.4r1
OR
juniperjunosMatch22.4r1-s1
OR
juniperjunosMatch22.4r1-s2
OR
juniperjunosMatch22.4r2

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "SRX Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.4R3-S8",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.1*",
        "status": "affected",
        "version": "21.1",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R3-S6",
        "status": "affected",
        "version": "21.2",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3-S5",
        "status": "affected",
        "version": "21.3",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S5",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S3",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S2",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R2-S2, 22.3R3",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R2-S1, 22.4R3",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      }
    ]
  }
]

Social References

More

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6

Confidence

High

EPSS

0.009

Percentile

82.4%