Lucene search
JuniperCVELIST:CVE-2023-36851HistorySep 26, 2023 - 7:53 p.m.
CVE-2023-36851 Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload and download arbitrary files
2023-09-2619:53:17
CWE-306
juniper
raw.githubusercontent.com
2
juniper networks
junos os
srx series
unauthenticated attacker
file upload
file download
integrity loss
confidentiality loss
vulnerability
webauth_operation.php
version affected
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
With a specific request to
webauth_operation.php
that doesnβt require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of
integrityΒ or confidentiality, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on SRX Series:
21.2 versions prior to 21.2R3-S8;
- 21.4
versions prior to
21.4R3-S6;
- 22.1
versions prior to
22.1R3-S5;
- 22.2
versions prior to
22.2R3-S3;
- 22.3
versions prior to
22.3R3-S2;
- 22.4 versions prior to 22,4R2-S2, 22.4R3;
- 23.2 versions prior to
23.2R1-S2,Β 23.2R2.
Related
cisa_kev
cisa_kev
prion
prion
Authentication flaw
2023-09-27 15:18:00
attackerkb
attackerkb
CVE-2023-36851
2023-09-27 00:00:00
cve
cve
CVE-2023-36851
2023-09-27 15:18:54
thn
thn
Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws
2024-01-30 05:01:00
CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17
2023-11-14 06:03:00
nessus
nessus
Juniper Junos OS Pre-Auth RCE (JSA72300)
2023-08-25 00:00:00