A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on SRX Series:
21.2 versions prior to 21.2R3-S8;
versions prior to 21.4R3-S6;
versions prior to 22.1R3-S5;
versions prior to 22.2R3-S3;
versions prior to 22.3R3-S2;
23.2R1-S2, 23.2R2.
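
An added example, not part of the advisory and not Juniper tooling: triaging an SRX inventory against the fixed releases listed above. It assumes release strings of the form <train>R<n>[-S<n>][.<spin>], ordered by R and then S within a train; the 23.2 entry is left out because the text above gives no clear bound for it, so those hosts and any unlisted train come back as unknown.

```python
import re

# Fixed releases copied from the advisory text above.
# 23.2 is omitted: the page does not state a clear "prior to" bound for it.
FIXED = ["21.2R3-S8", "21.4R3-S6", "22.1R3-S5", "22.2R3-S3", "22.3R3-S2"]

# Assumed format: <train>R<n>[-S<n>][.<spin>], e.g. 21.4R3-S5.4
_VER = re.compile(r"^(\d+\.\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

def parse(version):
    """Return (train, (R, S)) or None when the string is not in that form."""
    m = _VER.match(version.strip())
    if not m:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3) or 0))

FIXED_BY_TRAIN = dict(parse(v) for v in FIXED)

def is_affected(version):
    """True or False for a listed train, None when the page gives no answer."""
    parsed = parse(version)
    if parsed is None:
        return None
    train, release = parsed
    fixed = FIXED_BY_TRAIN.get(train)
    if fixed is None:
        return None
    return release < fixed  # the spin number after the last dot is ignored

def triage(inventory):
    """Group hostnames by verdict for a {hostname: version} mapping."""
    out = {"affected": [], "fixed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        verdict = is_affected(version)
        key = "unknown" if verdict is None else "affected" if verdict else "fixed"
        out[key].append(host)
    return out

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"srx-a": "21.4R3-S5.4", "srx-b": "21.4R3-S6", "srx-c": "22.3R3-S2.1",
          "srx-d": "22.2R1", "srx-e": "23.2R1", "srx-f": "20.4R3-S9"}

if __name__ == "__main__":
    for verdict, hosts in triage(SAMPLE).items():
        print(verdict, hosts)
```

Hosts reported as unknown need a manual check against the vendor advisory rather than being treated as safe.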