CVE-2023-36851 Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload and download arbitrary files

🗓️ 26 Sep 2023 19:53:17Reported by juniperType

Junos OS SRX Series: Unauthenticated attacker can upload/download arbitrary files via J-Web, causing integrity los

Reporter	Title	Published	Views	Family All 15
ATTACKERKB	CVE-2023-36851	27 Sep 202315:18	–	attackerkb
BDU FSTEC	The vulnerability of the J-Web interface in Juniper Networks Junos OS allows a hacker to execute arbitrary code.	30 Oct 202300:00	–	bdu_fstec
Circl	CVE-2023-36851	20 Sep 202304:00	–	circl
CISA KEV Catalog	Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability	13 Nov 202300:00	–	cisa_kev
CISA	CISA Adds Six Known Exploited Vulnerabilities to Catalog	13 Nov 202312:00	–	cisa
CNNVD	Juniper Networks Junos OS Access Control Error Vulnerability	8 Sep 202300:00	–	cnnvd
CVE	CVE-2023-36851	26 Sep 202319:53	–	cve
Tenable Nessus	Juniper Junos OS Pre-Auth RCE (JSA72300)	25 Aug 202300:00	–	nessus
NVD	CVE-2023-36851	27 Sep 202315:18	–	nvd
OSV	CVE-2023-36851	27 Sep 202315:18	–	osv

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "SRX Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "21.2R3-S8",
        "status": "affected",
        "version": "21.2",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S6",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S5",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S3",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R3-S2",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R2-S2, 22.4R3",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      },
      {
        "lessThan": "23.2R1-S2, 23.2R2",
        "status": "affected",
        "version": "23.2",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
supportportal	www.supportportal.juniper.net/JSA72300

25 Jan 2024 22:36Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.15.3

EPSS0.011

CWE-306