Lucene search

K
nvd[email protected]NVD:CVE-2023-36851
HistorySep 27, 2023 - 3:18 p.m.

CVE-2023-36851

2023-09-2715:18:54
CWE-306
web.nvd.nist.gov
1
juniper networks
junos os
vulnerability
unauthenticated
file system
integrity
security advisory
srx series
cve-2023-36851

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6

Confidence

High

EPSS

0.006

Percentile

78.9%

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request to

webauth_operation.php

that doesn’t require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of

integrity or confidentiality, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on SRX Series:

21.2 versions prior to 21.2R3-S8;

  • 21.4

versions prior to

21.4R3-S6;

  • 22.1

versions prior to

22.1R3-S5;

  • 22.2

versions prior to

22.2R3-S3;

  • 22.3

versions prior to

22.3R3-S2;

  • 22.4 versions prior to 22,4R2-S2, 22.4R3;
  • 23.2 versions prior to

23.2R1-S2, 23.2R2.

Affected configurations

NVD
Node
juniperex2200Match-
OR
juniperex2200-cMatch-
OR
juniperex2200-vcMatch-
OR
juniperex2300Match-
OR
juniperex2300-24mpMatch-
OR
juniperex2300-24pMatch-
OR
juniperex2300-24tMatch-
OR
juniperex2300-48mpMatch-
OR
juniperex2300-48pMatch-
OR
juniperex2300-48tMatch-
OR
juniperex2300-cMatch-
OR
juniperex2300mMatch-
OR
juniperex3200Match-
OR
juniperex3300Match-
OR
juniperex3300-vcMatch-
OR
juniperex3400Match-
OR
juniperex4200Match-
OR
juniperex4200-vcMatch-
OR
juniperex4300Match-
OR
juniperex4300-24pMatch-
OR
juniperex4300-24p-sMatch-
OR
juniperex4300-24tMatch-
OR
juniperex4300-24t-sMatch-
OR
juniperex4300-32fMatch-
OR
juniperex4300-32f-dcMatch-
OR
juniperex4300-32f-sMatch-
OR
juniperex4300-48mpMatch-
OR
juniperex4300-48mp-sMatch-
OR
juniperex4300-48pMatch-
OR
juniperex4300-48p-sMatch-
OR
juniperex4300-48tMatch-
OR
juniperex4300-48t-afiMatch-
OR
juniperex4300-48t-dcMatch-
OR
juniperex4300-48t-dc-afiMatch-
OR
juniperex4300-48t-sMatch-
OR
juniperex4300-48tafiMatch-
OR
juniperex4300-48tdcMatch-
OR
juniperex4300-48tdc-afiMatch-
OR
juniperex4300-mpMatch-
OR
juniperex4300-vcMatch-
OR
juniperex4300mMatch-
OR
juniperex4400Match-
OR
juniperex4500Match-
OR
juniperex4500-vcMatch-
OR
juniperex4550Match-
OR
juniperex4550-vcMatch-
OR
juniperex4550\/vcMatch-
OR
juniperex4600Match-
OR
juniperex4600-vcMatch-
OR
juniperex4650Match-
OR
juniperex6200Match-
OR
juniperex6210Match-
OR
juniperex8200Match-
OR
juniperex8200-vcMatch-
OR
juniperex8208Match-
OR
juniperex8216Match-
OR
juniperex9200Match-
OR
juniperex9204Match-
OR
juniperex9208Match-
OR
juniperex9214Match-
OR
juniperex9250Match-
OR
juniperex9251Match-
OR
juniperex9253Match-
OR
junipersrx100Match-
OR
junipersrx110Match-
OR
junipersrx1400Match-
OR
junipersrx1500Match-
OR
junipersrx210Match-
OR
junipersrx220Match-
OR
junipersrx240Match-
OR
junipersrx240h2Match-
OR
junipersrx240mMatch-
OR
junipersrx300Match-
OR
junipersrx320Match-
OR
junipersrx340Match-
OR
junipersrx3400Match-
OR
junipersrx345Match-
OR
junipersrx3600Match-
OR
junipersrx380Match-
OR
junipersrx4000Match-
OR
junipersrx4100Match-
OR
junipersrx4200Match-
OR
junipersrx4600Match-
OR
junipersrx5000Match-
OR
junipersrx5400Match-
OR
junipersrx550Match-
OR
junipersrx550_hmMatch-
OR
junipersrx550mMatch-
OR
junipersrx5600Match-
OR
junipersrx5800Match-
OR
junipersrx650Match-
AND
juniperjunosMatch21.2-
OR
juniperjunosMatch21.2r1
OR
juniperjunosMatch21.2r1-s1
OR
juniperjunosMatch21.2r1-s2
OR
juniperjunosMatch21.2r2
OR
juniperjunosMatch21.2r2-s1
OR
juniperjunosMatch21.2r2-s2
OR
juniperjunosMatch21.2r3
OR
juniperjunosMatch21.2r3-s1
OR
juniperjunosMatch21.2r3-s2
OR
juniperjunosMatch21.2r3-s3
OR
juniperjunosMatch21.2r3-s4
OR
juniperjunosMatch21.2r3-s5
OR
juniperjunosMatch21.2r3-s6
OR
juniperjunosMatch21.2r3-s7
OR
juniperjunosMatch21.4-
OR
juniperjunosMatch21.4r1
OR
juniperjunosMatch21.4r1-s1
OR
juniperjunosMatch21.4r1-s2
OR
juniperjunosMatch21.4r2
OR
juniperjunosMatch21.4r2-s1
OR
juniperjunosMatch21.4r2-s2
OR
juniperjunosMatch21.4r3
OR
juniperjunosMatch21.4r3-s1
OR
juniperjunosMatch21.4r3-s2
OR
juniperjunosMatch21.4r3-s3
OR
juniperjunosMatch21.4r3-s4
OR
juniperjunosMatch21.4r3-s5
OR
juniperjunosMatch22.1r1
OR
juniperjunosMatch22.1r1-s1
OR
juniperjunosMatch22.1r1-s2
OR
juniperjunosMatch22.1r2
OR
juniperjunosMatch22.1r2-s1
OR
juniperjunosMatch22.1r2-s2
OR
juniperjunosMatch22.1r3
OR
juniperjunosMatch22.1r3-s1
OR
juniperjunosMatch22.1r3-s2
OR
juniperjunosMatch22.1r3-s3
OR
juniperjunosMatch22.1r3-s4
OR
juniperjunosMatch22.2r1
OR
juniperjunosMatch22.2r1-s1
OR
juniperjunosMatch22.2r1-s2
OR
juniperjunosMatch22.2r2
OR
juniperjunosMatch22.2r2-s1
OR
juniperjunosMatch22.2r2-s2
OR
juniperjunosMatch22.2r3
OR
juniperjunosMatch22.2r3-s1
OR
juniperjunosMatch22.2r3-s2
OR
juniperjunosMatch22.3r1
OR
juniperjunosMatch22.3r1-s1
OR
juniperjunosMatch22.3r1-s2
OR
juniperjunosMatch22.3r2
OR
juniperjunosMatch22.3r2-s1
OR
juniperjunosMatch22.3r3
OR
juniperjunosMatch22.3r3-s1
OR
juniperjunosMatch22.4r1
OR
juniperjunosMatch22.4r1-s1
OR
juniperjunosMatch22.4r1-s2
OR
juniperjunosMatch22.4r2
OR
juniperjunosMatch22.4r2-s1
OR
juniperjunosMatch23.2r1
OR
juniperjunosMatch23.2r1-s1

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6

Confidence

High

EPSS

0.006

Percentile

78.9%