Lucene search
HistorySep 27, 2023 - 3:18 p.m.
CVE-2023-36851
juniper networks
junos os
vulnerability
unauthenticated
file system
integrity
security advisory
srx series
cve-2023-36851
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6 Medium
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.9%
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
With a specific request to
webauth_operation.php
that doesnβt require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of
integrityΒ or confidentiality, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on SRX Series:
21.2 versions prior to 21.2R3-S8;
- 21.4
versions prior to
21.4R3-S6;
- 22.1
versions prior to
22.1R3-S5;
- 22.2
versions prior to
22.2R3-S3;
- 22.3
versions prior to
22.3R3-S2;
- 22.4 versions prior to 22,4R2-S2, 22.4R3;
- 23.2 versions prior to
23.2R1-S2,Β 23.2R2.
Affected configurations
Node
juniperex2200Match-
ORjuniperex2200-cMatch-
ORjuniperex2200-vcMatch-
ORjuniperex2300Match-
ORjuniperex2300-24mpMatch-
ORjuniperex2300-24pMatch-
ORjuniperex2300-24tMatch-
ORjuniperex2300-48mpMatch-
ORjuniperex2300-48pMatch-
ORjuniperex2300-48tMatch-
ORjuniperex2300-cMatch-
ORjuniperex2300mMatch-
ORjuniperex3200Match-
ORjuniperex3300Match-
ORjuniperex3300-vcMatch-
ORjuniperex3400Match-
ORjuniperex4200Match-
ORjuniperex4200-vcMatch-
ORjuniperex4300Match-
ORjuniperex4300-24pMatch-
ORjuniperex4300-24p-sMatch-
ORjuniperex4300-24tMatch-
ORjuniperex4300-24t-sMatch-
ORjuniperex4300-32fMatch-
ORjuniperex4300-32f-dcMatch-
ORjuniperex4300-32f-sMatch-
ORjuniperex4300-48mpMatch-
ORjuniperex4300-48mp-sMatch-
ORjuniperex4300-48pMatch-
ORjuniperex4300-48p-sMatch-
ORjuniperex4300-48tMatch-
ORjuniperex4300-48t-afiMatch-
ORjuniperex4300-48t-dcMatch-
ORjuniperex4300-48t-dc-afiMatch-
ORjuniperex4300-48t-sMatch-
ORjuniperex4300-48tafiMatch-
ORjuniperex4300-48tdcMatch-
ORjuniperex4300-48tdc-afiMatch-
ORjuniperex4300-mpMatch-
ORjuniperex4300-vcMatch-
ORjuniperex4300mMatch-
ORjuniperex4400Match-
ORjuniperex4500Match-
ORjuniperex4500-vcMatch-
ORjuniperex4550Match-
ORjuniperex4550-vcMatch-
ORjuniperex4550\/vcMatch-
ORjuniperex4600Match-
ORjuniperex4600-vcMatch-
ORjuniperex4650Match-
ORjuniperex6200Match-
ORjuniperex6210Match-
ORjuniperex8200Match-
ORjuniperex8200-vcMatch-
ORjuniperex8208Match-
ORjuniperex8216Match-
ORjuniperex9200Match-
ORjuniperex9204Match-
ORjuniperex9208Match-
ORjuniperex9214Match-
ORjuniperex9250Match-
ORjuniperex9251Match-
ORjuniperex9253Match-
ORjunipersrx100Match-
ORjunipersrx110Match-
ORjunipersrx1400Match-
ORjunipersrx1500Match-
ORjunipersrx210Match-
ORjunipersrx220Match-
ORjunipersrx240Match-
ORjunipersrx240h2Match-
ORjunipersrx240mMatch-
ORjunipersrx300Match-
ORjunipersrx320Match-
ORjunipersrx340Match-
ORjunipersrx3400Match-
ORjunipersrx345Match-
ORjunipersrx3600Match-
ORjunipersrx380Match-
ORjunipersrx4000Match-
ORjunipersrx4100Match-
ORjunipersrx4200Match-
ORjunipersrx4600Match-
ORjunipersrx5000Match-
ORjunipersrx5400Match-
ORjunipersrx550Match-
ORjunipersrx550_hmMatch-
ORjunipersrx550mMatch-
ORjunipersrx5600Match-
ORjunipersrx5800Match-
ORjunipersrx650Match-
juniperjunosRange<20.4
ORjuniperjunosMatch20.4-
ORjuniperjunosMatch20.4r1
ORjuniperjunosMatch20.4r1-s1
ORjuniperjunosMatch20.4r2
ORjuniperjunosMatch20.4r2-s1
ORjuniperjunosMatch20.4r2-s2
ORjuniperjunosMatch20.4r3
ORjuniperjunosMatch20.4r3-s1
ORjuniperjunosMatch20.4r3-s2
ORjuniperjunosMatch20.4r3-s3
ORjuniperjunosMatch20.4r3-s4
ORjuniperjunosMatch20.4r3-s5
ORjuniperjunosMatch20.4r3-s6
ORjuniperjunosMatch20.4r3-s7
ORjuniperjunosMatch20.4r3-s8
ORjuniperjunosMatch21.1r1
ORjuniperjunosMatch21.1r1-s1
ORjuniperjunosMatch21.1r2
ORjuniperjunosMatch21.1r2-s1
ORjuniperjunosMatch21.1r2-s2
ORjuniperjunosMatch21.1r3
ORjuniperjunosMatch21.1r3-s1
ORjuniperjunosMatch21.1r3-s2
ORjuniperjunosMatch21.1r3-s3
ORjuniperjunosMatch21.1r3-s4
ORjuniperjunosMatch21.1r3-s5
ORjuniperjunosMatch21.2-
ORjuniperjunosMatch21.2r1
ORjuniperjunosMatch21.2r1-s1
ORjuniperjunosMatch21.2r1-s2
ORjuniperjunosMatch21.2r2
ORjuniperjunosMatch21.2r2-s1
ORjuniperjunosMatch21.2r2-s2
ORjuniperjunosMatch21.2r3
ORjuniperjunosMatch21.2r3-s1
ORjuniperjunosMatch21.2r3-s2
ORjuniperjunosMatch21.2r3-s3
ORjuniperjunosMatch21.2r3-s4
ORjuniperjunosMatch21.2r3-s5
ORjuniperjunosMatch21.2r3-s6
ORjuniperjunosMatch21.3-
ORjuniperjunosMatch21.3r1
ORjuniperjunosMatch21.3r1-s1
ORjuniperjunosMatch21.3r1-s2
ORjuniperjunosMatch21.3r2
ORjuniperjunosMatch21.3r2-s1
ORjuniperjunosMatch21.3r2-s2
ORjuniperjunosMatch21.3r3
ORjuniperjunosMatch21.3r3-s1
ORjuniperjunosMatch21.3r3-s2
ORjuniperjunosMatch21.3r3-s3
ORjuniperjunosMatch21.3r3-s4
ORjuniperjunosMatch21.4-
ORjuniperjunosMatch21.4r1
ORjuniperjunosMatch21.4r1-s1
ORjuniperjunosMatch21.4r1-s2
ORjuniperjunosMatch21.4r2
ORjuniperjunosMatch21.4r2-s1
ORjuniperjunosMatch21.4r2-s2
ORjuniperjunosMatch21.4r3
ORjuniperjunosMatch21.4r3-s1
ORjuniperjunosMatch21.4r3-s2
ORjuniperjunosMatch21.4r3-s3
ORjuniperjunosMatch21.4r3-s4
ORjuniperjunosMatch22.1r1
ORjuniperjunosMatch22.1r1-s1
ORjuniperjunosMatch22.1r1-s2
ORjuniperjunosMatch22.1r2
ORjuniperjunosMatch22.1r2-s1
ORjuniperjunosMatch22.1r2-s2
ORjuniperjunosMatch22.1r3
ORjuniperjunosMatch22.1r3-s1
ORjuniperjunosMatch22.1r3-s2
ORjuniperjunosMatch22.1r3-s3
ORjuniperjunosMatch22.2r1
ORjuniperjunosMatch22.2r1-s1
ORjuniperjunosMatch22.2r1-s2
ORjuniperjunosMatch22.2r2
ORjuniperjunosMatch22.2r2-s1
ORjuniperjunosMatch22.2r2-s2
ORjuniperjunosMatch22.2r3
ORjuniperjunosMatch22.2r3-s1
ORjuniperjunosMatch22.3r1
ORjuniperjunosMatch22.3r1-s1
ORjuniperjunosMatch22.3r1-s2
ORjuniperjunosMatch22.3r2
ORjuniperjunosMatch22.3r2-s1
ORjuniperjunosMatch22.4r1
ORjuniperjunosMatch22.4r1-s1
ORjuniperjunosMatch22.4r1-s2
ORjuniperjunosMatch22.4r2
ORjuniperjunosMatch23.2r1
References
Related
cisa_kev
cisa_kev
prion
prion
Authentication flaw
2023-09-27 15:18:00
attackerkb
attackerkb
CVE-2023-36851
2023-09-27 00:00:00
cve
cve
CVE-2023-36851
2023-09-27 15:18:54
cvelist
cvelist
thn
thn
Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws
2024-01-30 05:01:00
CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17
2023-11-14 06:03:00
nessus
nessus
Juniper Junos OS Pre-Auth RCE (JSA72300)
2023-08-25 00:00:00
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6 Medium
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.9%
Related for NVD:CVE-2023-36851