Lucene search

K
nvd[email protected]NVD:CVE-2023-36846
HistoryAug 17, 2023 - 8:15 p.m.

CVE-2023-36846

2023-08-1720:15:10
CWE-306
web.nvd.nist.gov
1
juniper networks junos os
vulnerability
unauthenticated
file system integrity
upload
arbitrary files

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.008

Percentile

82.2%

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request to user.php that doesn’t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of

integrity

for a certain

part of the file system, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on SRX Series:

  • All versions prior to 20.4R3-S8;
  • 21.1 versions 21.1R1 and later;
  • 21.2 versions prior to 21.2R3-S6;
  • 21.3 versions

prior to

21.3R3-S5;

  • 21.4 versions

prior to

21.4R3-S5;

  • 22.1 versions

prior to

22.1R3-S3;

  • 22.2 versions

prior to

22.2R3-S2;

  • 22.3 versions

prior to

22.3R2-S2, 22.3R3;

  • 22.4 versions

prior to

22.4R2-S1, 22.4R3.

Affected configurations

NVD
Node
junipersrx100Match-
OR
junipersrx110Match-
OR
junipersrx1400Match-
OR
junipersrx1500Match-
OR
junipersrx210Match-
OR
junipersrx220Match-
OR
junipersrx240Match-
OR
junipersrx240h2Match-
OR
junipersrx240mMatch-
OR
junipersrx300Match-
OR
junipersrx320Match-
OR
junipersrx340Match-
OR
junipersrx3400Match-
OR
junipersrx345Match-
OR
junipersrx3600Match-
OR
junipersrx380Match-
OR
junipersrx4000Match-
OR
junipersrx4100Match-
OR
junipersrx4200Match-
OR
junipersrx4600Match-
OR
junipersrx5000Match-
OR
junipersrx5400Match-
OR
junipersrx550Match-
OR
junipersrx550_hmMatch-
OR
junipersrx550mMatch-
OR
junipersrx5600Match-
OR
junipersrx5800Match-
OR
junipersrx650Match-
AND
juniperjunosRange<20.4
OR
juniperjunosMatch20.4-
OR
juniperjunosMatch20.4r1
OR
juniperjunosMatch20.4r1-s1
OR
juniperjunosMatch20.4r2
OR
juniperjunosMatch20.4r2-s1
OR
juniperjunosMatch20.4r2-s2
OR
juniperjunosMatch20.4r3
OR
juniperjunosMatch20.4r3-s1
OR
juniperjunosMatch20.4r3-s2
OR
juniperjunosMatch20.4r3-s3
OR
juniperjunosMatch20.4r3-s4
OR
juniperjunosMatch20.4r3-s5
OR
juniperjunosMatch20.4r3-s6
OR
juniperjunosMatch20.4r3-s7
OR
juniperjunosMatch21.1r1
OR
juniperjunosMatch21.1r1-s1
OR
juniperjunosMatch21.1r2
OR
juniperjunosMatch21.1r2-s1
OR
juniperjunosMatch21.1r2-s2
OR
juniperjunosMatch21.1r3
OR
juniperjunosMatch21.1r3-s1
OR
juniperjunosMatch21.1r3-s2
OR
juniperjunosMatch21.1r3-s3
OR
juniperjunosMatch21.1r3-s4
OR
juniperjunosMatch21.1r3-s5
OR
juniperjunosMatch21.2-
OR
juniperjunosMatch21.2r1
OR
juniperjunosMatch21.2r1-s1
OR
juniperjunosMatch21.2r1-s2
OR
juniperjunosMatch21.2r2
OR
juniperjunosMatch21.2r2-s1
OR
juniperjunosMatch21.2r2-s2
OR
juniperjunosMatch21.2r3
OR
juniperjunosMatch21.2r3-s1
OR
juniperjunosMatch21.2r3-s2
OR
juniperjunosMatch21.2r3-s3
OR
juniperjunosMatch21.2r3-s4
OR
juniperjunosMatch21.2r3-s5
OR
juniperjunosMatch21.3-
OR
juniperjunosMatch21.3r1
OR
juniperjunosMatch21.3r1-s1
OR
juniperjunosMatch21.3r1-s2
OR
juniperjunosMatch21.3r2
OR
juniperjunosMatch21.3r2-s1
OR
juniperjunosMatch21.3r2-s2
OR
juniperjunosMatch21.3r3
OR
juniperjunosMatch21.3r3-s1
OR
juniperjunosMatch21.3r3-s2
OR
juniperjunosMatch21.3r3-s3
OR
juniperjunosMatch21.3r3-s4
OR
juniperjunosMatch21.4-
OR
juniperjunosMatch21.4r1
OR
juniperjunosMatch21.4r1-s1
OR
juniperjunosMatch21.4r1-s2
OR
juniperjunosMatch21.4r2
OR
juniperjunosMatch21.4r2-s1
OR
juniperjunosMatch21.4r2-s2
OR
juniperjunosMatch21.4r3
OR
juniperjunosMatch21.4r3-s1
OR
juniperjunosMatch21.4r3-s2
OR
juniperjunosMatch21.4r3-s3
OR
juniperjunosMatch21.4r3-s4
OR
juniperjunosMatch22.1r1
OR
juniperjunosMatch22.1r1-s1
OR
juniperjunosMatch22.1r1-s2
OR
juniperjunosMatch22.1r2
OR
juniperjunosMatch22.1r2-s1
OR
juniperjunosMatch22.1r2-s2
OR
juniperjunosMatch22.1r3
OR
juniperjunosMatch22.1r3-s1
OR
juniperjunosMatch22.1r3-s2
OR
juniperjunosMatch22.2r1
OR
juniperjunosMatch22.2r1-s1
OR
juniperjunosMatch22.2r1-s2
OR
juniperjunosMatch22.2r2
OR
juniperjunosMatch22.2r2-s1
OR
juniperjunosMatch22.2r2-s2
OR
juniperjunosMatch22.2r3
OR
juniperjunosMatch22.2r3-s1
OR
juniperjunosMatch22.3r1
OR
juniperjunosMatch22.3r1-s1
OR
juniperjunosMatch22.3r1-s2
OR
juniperjunosMatch22.3r2
OR
juniperjunosMatch22.3r2-s1
OR
juniperjunosMatch22.4r1
OR
juniperjunosMatch22.4r1-s1
OR
juniperjunosMatch22.4r1-s2
OR
juniperjunosMatch22.4r2

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.008

Percentile

82.2%