Lucene search

[email protected]NVD:CVE-2023-36847

HistoryAug 17, 2023 - 8:15 p.m.

CVE-2023-36847

2023-08-1720:15:10

CWE-306

[email protected]

web.nvd.nist.gov

juniper networks

junos os

authentication vulnerability

unauthenticated

file upload

ex series

cve-2023-36847

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.007

Percentile

81.2%

JSON

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request to installAppPackage.php that doesn’t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of

integrity

for a certain

part of the file system, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on EX Series:

All versions prior to 20.4R3-S8;
21.1 versions 21.1R1 and later;
21.2 versions prior to 21.2R3-S6;
21.3 versions

prior to

21.3R3-S5;

21.4 versions

prior to

21.4R3-S4;

22.1 versions

prior to

22.1R3-S3;

22.2 versions

prior to

22.2R3-S1;

22.3 versions

prior to

22.3R2-S2, 22.3R3;

22.4 versions

prior to

22.4R2-S1, 22.4R3.

Affected configurations

Nvd

Node

juniperjunosRange<20.4

juniperjunosMatch20.4-

juniperjunosMatch20.4r1

juniperjunosMatch20.4r1-s1

juniperjunosMatch20.4r2

juniperjunosMatch20.4r2-s1

juniperjunosMatch20.4r2-s2

juniperjunosMatch20.4r3

juniperjunosMatch20.4r3-s1

juniperjunosMatch20.4r3-s2

juniperjunosMatch20.4r3-s3

juniperjunosMatch20.4r3-s4

juniperjunosMatch20.4r3-s5

juniperjunosMatch20.4r3-s6

juniperjunosMatch20.4r3-s7

juniperjunosMatch21.1r1

juniperjunosMatch21.1r1-s1

juniperjunosMatch21.1r2

juniperjunosMatch21.1r2-s1

juniperjunosMatch21.1r2-s2

juniperjunosMatch21.1r3

juniperjunosMatch21.1r3-s1

juniperjunosMatch21.1r3-s2

juniperjunosMatch21.1r3-s3

juniperjunosMatch21.1r3-s4

juniperjunosMatch21.1r3-s5

juniperjunosMatch21.2-

juniperjunosMatch21.2r1

juniperjunosMatch21.2r1-s1

juniperjunosMatch21.2r1-s2

juniperjunosMatch21.2r2

juniperjunosMatch21.2r2-s1

juniperjunosMatch21.2r2-s2

juniperjunosMatch21.2r3

juniperjunosMatch21.2r3-s1

juniperjunosMatch21.2r3-s2

juniperjunosMatch21.2r3-s3

juniperjunosMatch21.2r3-s4

juniperjunosMatch21.2r3-s5

juniperjunosMatch21.3-

juniperjunosMatch21.3r1

juniperjunosMatch21.3r1-s1

juniperjunosMatch21.3r1-s2

juniperjunosMatch21.3r2

juniperjunosMatch21.3r2-s1

juniperjunosMatch21.3r2-s2

juniperjunosMatch21.3r3

juniperjunosMatch21.3r3-s1

juniperjunosMatch21.3r3-s2

juniperjunosMatch21.3r3-s3

juniperjunosMatch21.3r3-s4

juniperjunosMatch21.4-

juniperjunosMatch21.4r1

juniperjunosMatch21.4r1-s1

juniperjunosMatch21.4r1-s2

juniperjunosMatch21.4r2

juniperjunosMatch21.4r2-s1

juniperjunosMatch21.4r2-s2

juniperjunosMatch21.4r3

juniperjunosMatch21.4r3-s1

juniperjunosMatch21.4r3-s2

juniperjunosMatch21.4r3-s3

juniperjunosMatch21.4r3-s4

juniperjunosMatch22.1r1

juniperjunosMatch22.1r1-s1

juniperjunosMatch22.1r1-s2

juniperjunosMatch22.1r2

juniperjunosMatch22.1r2-s1

juniperjunosMatch22.1r2-s2

juniperjunosMatch22.1r3

juniperjunosMatch22.1r3-s1

juniperjunosMatch22.1r3-s2

juniperjunosMatch22.2r1

juniperjunosMatch22.2r1-s1

juniperjunosMatch22.2r1-s2

juniperjunosMatch22.2r2

juniperjunosMatch22.2r2-s1

juniperjunosMatch22.2r2-s2

juniperjunosMatch22.2r3

juniperjunosMatch22.2r3-s1

juniperjunosMatch22.3r1

juniperjunosMatch22.3r1-s1

juniperjunosMatch22.3r1-s2

juniperjunosMatch22.3r2

juniperjunosMatch22.3r2-s1

juniperjunosMatch22.4r1

juniperjunosMatch22.4r1-s1

juniperjunosMatch22.4r1-s2

juniperjunosMatch22.4r2

AND

juniperex2200Match-

juniperex2200-cMatch-

juniperex2200-vcMatch-

juniperex2300Match-

juniperex2300-24mpMatch-

juniperex2300-24pMatch-

juniperex2300-24tMatch-

juniperex2300-48mpMatch-

juniperex2300-48pMatch-

juniperex2300-48tMatch-

juniperex2300-cMatch-

juniperex2300mMatch-

juniperex3200Match-

juniperex3300Match-

juniperex3300-vcMatch-

juniperex3400Match-

juniperex4200Match-

juniperex4200-vcMatch-

juniperex4300Match-

juniperex4300-24pMatch-

juniperex4300-24p-sMatch-

juniperex4300-24tMatch-

juniperex4300-24t-sMatch-

juniperex4300-32fMatch-

juniperex4300-32f-dcMatch-

juniperex4300-32f-sMatch-

juniperex4300-48mpMatch-

juniperex4300-48mp-sMatch-

juniperex4300-48pMatch-

juniperex4300-48p-sMatch-

juniperex4300-48tMatch-

juniperex4300-48t-afiMatch-

juniperex4300-48t-dcMatch-

juniperex4300-48t-dc-afiMatch-

juniperex4300-48t-sMatch-

juniperex4300-48tafiMatch-

juniperex4300-48tdcMatch-

juniperex4300-48tdc-afiMatch-

juniperex4300-mpMatch-

juniperex4300-vcMatch-

juniperex4300mMatch-

juniperex4400Match-

juniperex4500Match-

juniperex4500-vcMatch-

juniperex4550Match-

juniperex4550-vcMatch-

juniperex4550\/vcMatch-

juniperex4600Match-

juniperex4600-vcMatch-

juniperex4650Match-

juniperex6200Match-

juniperex6210Match-

juniperex8200Match-

juniperex8200-vcMatch-

juniperex8208Match-

juniperex8216Match-

juniperex9200Match-

juniperex9204Match-

juniperex9208Match-

juniperex9214Match-

juniperex9250Match-

juniperex9251Match-

juniperex9253Match-

References

supportportal.juniper.net/JSA72300

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.007

Percentile

81.2%

JSON

Related for NVD:CVE-2023-36847

attackerkb2 cisa_kev1 cvelist1 cnvd1 prion1 cve1 nuclei1 thn4 githubexploit2 rapid7blog1 nessus1