Lucene search

K
cve[email protected]CVE-2023-36847
HistoryAug 17, 2023 - 8:15 p.m.

CVE-2023-36847

2023-08-1720:15:10
CWE-306
web.nvd.nist.gov
175
In Wild
"juniper networks
junos os
ex series
cve-2023-36847
vulnerability
authentication
network security
file system integrity"

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6

Confidence

High

EPSS

0.009

Percentile

82.4%

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request to installAppPackage.php that doesn’t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of

integrity

for a certain

part of the file system, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on EX Series:

  • All versions prior to 20.4R3-S8;
  • 21.1 versions 21.1R1 and later;
  • 21.2 versions prior to 21.2R3-S6;
  • 21.3 versions

prior to

21.3R3-S5;

  • 21.4 versions

prior to

21.4R3-S4;

  • 22.1 versions

prior to

22.1R3-S3;

  • 22.2 versions

prior to

22.2R3-S1;

  • 22.3 versions

prior to

22.3R2-S2, 22.3R3;

  • 22.4 versions

prior to

22.4R2-S1, 22.4R3.

Affected configurations

NVD
Node
juniperjunosRange<20.4
OR
juniperjunosMatch20.4-
OR
juniperjunosMatch20.4r1
OR
juniperjunosMatch20.4r1-s1
OR
juniperjunosMatch20.4r2
OR
juniperjunosMatch20.4r2-s1
OR
juniperjunosMatch20.4r2-s2
OR
juniperjunosMatch20.4r3
OR
juniperjunosMatch20.4r3-s1
OR
juniperjunosMatch20.4r3-s2
OR
juniperjunosMatch20.4r3-s3
OR
juniperjunosMatch20.4r3-s4
OR
juniperjunosMatch20.4r3-s5
OR
juniperjunosMatch20.4r3-s6
OR
juniperjunosMatch20.4r3-s7
OR
juniperjunosMatch21.1r1
OR
juniperjunosMatch21.1r1-s1
OR
juniperjunosMatch21.1r2
OR
juniperjunosMatch21.1r2-s1
OR
juniperjunosMatch21.1r2-s2
OR
juniperjunosMatch21.1r3
OR
juniperjunosMatch21.1r3-s1
OR
juniperjunosMatch21.1r3-s2
OR
juniperjunosMatch21.1r3-s3
OR
juniperjunosMatch21.1r3-s4
OR
juniperjunosMatch21.1r3-s5
OR
juniperjunosMatch21.2-
OR
juniperjunosMatch21.2r1
OR
juniperjunosMatch21.2r1-s1
OR
juniperjunosMatch21.2r1-s2
OR
juniperjunosMatch21.2r2
OR
juniperjunosMatch21.2r2-s1
OR
juniperjunosMatch21.2r2-s2
OR
juniperjunosMatch21.2r3
OR
juniperjunosMatch21.2r3-s1
OR
juniperjunosMatch21.2r3-s2
OR
juniperjunosMatch21.2r3-s3
OR
juniperjunosMatch21.2r3-s4
OR
juniperjunosMatch21.2r3-s5
OR
juniperjunosMatch21.3-
OR
juniperjunosMatch21.3r1
OR
juniperjunosMatch21.3r1-s1
OR
juniperjunosMatch21.3r1-s2
OR
juniperjunosMatch21.3r2
OR
juniperjunosMatch21.3r2-s1
OR
juniperjunosMatch21.3r2-s2
OR
juniperjunosMatch21.3r3
OR
juniperjunosMatch21.3r3-s1
OR
juniperjunosMatch21.3r3-s2
OR
juniperjunosMatch21.3r3-s3
OR
juniperjunosMatch21.3r3-s4
OR
juniperjunosMatch21.4-
OR
juniperjunosMatch21.4r1
OR
juniperjunosMatch21.4r1-s1
OR
juniperjunosMatch21.4r1-s2
OR
juniperjunosMatch21.4r2
OR
juniperjunosMatch21.4r2-s1
OR
juniperjunosMatch21.4r2-s2
OR
juniperjunosMatch21.4r3
OR
juniperjunosMatch21.4r3-s1
OR
juniperjunosMatch21.4r3-s2
OR
juniperjunosMatch21.4r3-s3
OR
juniperjunosMatch21.4r3-s4
OR
juniperjunosMatch22.1r1
OR
juniperjunosMatch22.1r1-s1
OR
juniperjunosMatch22.1r1-s2
OR
juniperjunosMatch22.1r2
OR
juniperjunosMatch22.1r2-s1
OR
juniperjunosMatch22.1r2-s2
OR
juniperjunosMatch22.1r3
OR
juniperjunosMatch22.1r3-s1
OR
juniperjunosMatch22.1r3-s2
OR
juniperjunosMatch22.2r1
OR
juniperjunosMatch22.2r1-s1
OR
juniperjunosMatch22.2r1-s2
OR
juniperjunosMatch22.2r2
OR
juniperjunosMatch22.2r2-s1
OR
juniperjunosMatch22.2r2-s2
OR
juniperjunosMatch22.2r3
OR
juniperjunosMatch22.2r3-s1
OR
juniperjunosMatch22.3r1
OR
juniperjunosMatch22.3r1-s1
OR
juniperjunosMatch22.3r1-s2
OR
juniperjunosMatch22.3r2
OR
juniperjunosMatch22.3r2-s1
OR
juniperjunosMatch22.4r1
OR
juniperjunosMatch22.4r1-s1
OR
juniperjunosMatch22.4r1-s2
OR
juniperjunosMatch22.4r2
AND
juniperex2200Match-
OR
juniperex2200-cMatch-
OR
juniperex2200-vcMatch-
OR
juniperex2300Match-
OR
juniperex2300-24mpMatch-
OR
juniperex2300-24pMatch-
OR
juniperex2300-24tMatch-
OR
juniperex2300-48mpMatch-
OR
juniperex2300-48pMatch-
OR
juniperex2300-48tMatch-
OR
juniperex2300-cMatch-
OR
juniperex2300mMatch-
OR
juniperex3200Match-
OR
juniperex3300Match-
OR
juniperex3300-vcMatch-
OR
juniperex3400Match-
OR
juniperex4200Match-
OR
juniperex4200-vcMatch-
OR
juniperex4300Match-
OR
juniperex4300-24pMatch-
OR
juniperex4300-24p-sMatch-
OR
juniperex4300-24tMatch-
OR
juniperex4300-24t-sMatch-
OR
juniperex4300-32fMatch-
OR
juniperex4300-32f-dcMatch-
OR
juniperex4300-32f-sMatch-
OR
juniperex4300-48mpMatch-
OR
juniperex4300-48mp-sMatch-
OR
juniperex4300-48pMatch-
OR
juniperex4300-48p-sMatch-
OR
juniperex4300-48tMatch-
OR
juniperex4300-48t-afiMatch-
OR
juniperex4300-48t-dcMatch-
OR
juniperex4300-48t-dc-afiMatch-
OR
juniperex4300-48t-sMatch-
OR
juniperex4300-48tafiMatch-
OR
juniperex4300-48tdcMatch-
OR
juniperex4300-48tdc-afiMatch-
OR
juniperex4300-mpMatch-
OR
juniperex4300-vcMatch-
OR
juniperex4300mMatch-
OR
juniperex4400Match-
OR
juniperex4500Match-
OR
juniperex4500-vcMatch-
OR
juniperex4550Match-
OR
juniperex4550-vcMatch-
OR
juniperex4550\/vcMatch-
OR
juniperex4600Match-
OR
juniperex4600-vcMatch-
OR
juniperex4650Match-
OR
juniperex6200Match-
OR
juniperex6210Match-
OR
juniperex8200Match-
OR
juniperex8200-vcMatch-
OR
juniperex8208Match-
OR
juniperex8216Match-
OR
juniperex9200Match-
OR
juniperex9204Match-
OR
juniperex9208Match-
OR
juniperex9214Match-
OR
juniperex9250Match-
OR
juniperex9251Match-
OR
juniperex9253Match-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "EX Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.4R3-S8",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.1*",
        "status": "affected",
        "version": "21.1",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R3-S6",
        "status": "affected",
        "version": "21.2",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3-S5",
        "status": "affected",
        "version": "21.3",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S4",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S3",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S1",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R2-S2, 22.3R3",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R2-S1, 22.4R3",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      }
    ]
  }
]

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6

Confidence

High

EPSS

0.009

Percentile

82.4%