Lucene search

K
prionPRIOn knowledge basePRION:CVE-2023-36847
HistoryAug 17, 2023 - 8:15 p.m.

Authentication flaw

2023-08-1720:15:00
PRIOn knowledge base
www.prio-n.com
11
authentication flaw
juniper networks
junos os
ex series
unauthenticated
file upload
vulnerability
impact
integrity
chaining
nvd

AI Score

6

Confidence

High

EPSS

0.008

Percentile

82.2%

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request to installAppPackage.php that doesn’t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of

integrity

for a certain

part of the file system, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on EX Series:

  • All versions prior to 20.4R3-S8;
  • 21.1 versions 21.1R1 and later;
  • 21.2 versions prior to 21.2R3-S6;
  • 21.3 versions

prior to

21.3R3-S5;

  • 21.4 versions

prior to

21.4R3-S4;

  • 22.1 versions

prior to

22.1R3-S3;

  • 22.2 versions

prior to

22.2R3-S1;

  • 22.3 versions

prior to

22.3R2-S2, 22.3R3;

  • 22.4 versions

prior to

22.4R2-S1, 22.4R3.

AI Score

6

Confidence

High

EPSS

0.008

Percentile

82.2%