Vulners
Lucene search
CVE-2023-36846
🗓️ 17 Aug 2023 19:18:00Reported by juniperType 
cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 340 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 26 |
|---|---|---|---|---|
 | Exploit for PHP External Variable Modification in Juniper Junos | 25 Aug 202307:28 | – | githubexploit |
| Exploit for PHP External Variable Modification in Juniper Junos | 13 Feb 202414:59 | – | githubexploit |
 | Exploit for PHP External Variable Modification in Juniper Junos | 30 Apr 202410:13 | – | gitee |
 | CVE-2023-36844 | 17 Aug 202300:00 | – | attackerkb |
| CVE-2023-36846 | 17 Aug 202320:15 | – | attackerkb |
 | The vulnerability of the J-Web interface in Juniper Networks Junos OS-based SRX devices allows a hacker to execute arbitrary code. | 23 Aug 202300:00 | – | bdu_fstec |
 | CVE-2023-36846 | 18 Aug 202300:38 | – | circl |
 | Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability | 13 Nov 202300:00 | – | cisa_kev |
 | CISA Adds Six Known Exploited Vulnerabilities to Catalog | 13 Nov 202312:00 | – | cisa |
 | Juniper Networks Junos OS SRX 访问控制错误漏洞 | 17 Aug 202300:00 | – | cnnvd |
10
Node
OROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROROR
OROROROROROROROROROROROROROROROROROROROROROROROROROROR
[
{
"defaultStatus": "unaffected",
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S6",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S3",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2, 22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S1, 22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
}
]| Source | Link |
|---|---|
| supportportal | www.supportportal.juniper.net/JSA72300 |
| cisa | www.cisa.gov/known-exploited-vulnerabilities-catalog |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| rs | request body | /webauth_operation.php | Unauthenticated arbitrary file upload endpoint leading to code execution via uploaded PHP/INI payloads (CVE-2023-36846). | CWE-306 |
| rsargs[0] | request body | /webauth_operation.php | Unauthenticated arbitrary file upload endpoint leading to code execution via uploaded PHP/INI payloads (CVE-2023-36846). | CWE-306 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jun 2026 06:07Current
6.2Medium risk
Vulners AI Score6.2
CVSS 3.15.3
EPSS0.94205
SSVC