Lucene search

JuniperCVELIST:CVE-2023-28963

HistoryApr 17, 2023 - 12:00 a.m.

CVE-2023-28963 Junos OS: User-controlled input vulnerability in J-Web

2023-04-1700:00:00

CWE-287

juniper

www.cve.org

junos os

user-controlled input vulnerability

j-web component

unauthorized access

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

22.6%

JSON

An Improper Authentication vulnerability in cert-mgmt.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to read arbitrary files from temporary folders on the device. This issue affects Juniper Networks Junos OS: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S11; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R1-S2, 22.3R2.

CNA Affected

[
  {
    "vendor": "Juniper Networks",
    "product": "Junos OS",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "19.1R3-S10",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "19.2",
        "status": "affected",
        "lessThan": "19.2R3-S7",
        "versionType": "custom"
      },
      {
        "version": "19.3",
        "status": "affected",
        "lessThan": "19.3R3-S8",
        "versionType": "custom"
      },
      {
        "version": "19.4",
        "status": "affected",
        "lessThan": "19.4R3-S11",
        "versionType": "custom"
      },
      {
        "version": "20.1R1",
        "status": "affected",
        "lessThan": "20.1*",
        "versionType": "custom"
      },
      {
        "version": "20.2",
        "status": "affected",
        "lessThan": "20.2R3-S7",
        "versionType": "custom"
      },
      {
        "version": "20.3R1",
        "status": "affected",
        "lessThan": "20.3*",
        "versionType": "custom"
      },
      {
        "version": "20.4",
        "status": "affected",
        "lessThan": "20.4R3-S6",
        "versionType": "custom"
      },
      {
        "version": "21.1",
        "status": "affected",
        "lessThan": "21.1R3-S5",
        "versionType": "custom"
      },
      {
        "version": "21.2",
        "status": "affected",
        "lessThan": "21.2R3-S4",
        "versionType": "custom"
      },
      {
        "version": "21.3",
        "status": "affected",
        "lessThan": "21.3R3-S3",
        "versionType": "custom"
      },
      {
        "version": "21.4",
        "status": "affected",
        "lessThan": "21.4R3-S3",
        "versionType": "custom"
      },
      {
        "version": "22.1",
        "status": "affected",
        "lessThan": "22.1R3-S1",
        "versionType": "custom"
      },
      {
        "version": "22.2",
        "status": "affected",
        "lessThan": "22.2R2-S1, 22.2R3",
        "versionType": "custom"
      },
      {
        "version": "22.3",
        "status": "affected",
        "lessThan": "22.3R1-S2, 22.3R2",
        "versionType": "custom"
      }
    ]
  }
]

References

supportportal.juniper.net/JSA70587

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

22.6%

JSON

Related for CVELIST:CVE-2023-28963