Lucene search

K
prionPRIOn knowledge basePRION:CVE-2023-36851
HistorySep 27, 2023 - 3:18 p.m.

Authentication flaw

2023-09-2715:18:00
PRIOn knowledge base
www.prio-n.com
28
authentication flaw
juniper networks
junos os
srx series
unauthenticated attacker
file system integrity
j-web
vulnerability
nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.9%

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request to

webauth_operation.php

that doesn’t require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of

integrity or confidentiality, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on SRX Series:

21.2 versions prior to 21.2R3-S8;

  • 21.4

versions prior to

21.4R3-S6;

  • 22.1

versions prior to

22.1R3-S5;

  • 22.2

versions prior to

22.2R3-S3;

  • 22.3

versions prior to

22.3R3-S2;

  • 22.4 versions prior to 22,4R2-S2, 22.4R3;
  • 23.2 versions prior to

23.2R1-S2, 23.2R2.

Rows per page:
1-10 of 931

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.9%

Related for PRION:CVE-2023-36851