Lucene search
K

377 matches found

Cvelist
Cvelist
added 2023/09/26 7:53 p.m.38 views

CVE-2023-36851 Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload and download arbitrary files

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...

5.3CVSS6.2AI score0.01091EPSS
Exploits0References1
Hacker One
Hacker One
added 2023/09/26 4:9 p.m.12 views

MTN Group: Remote code execution [CVE-2023-36845]

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series was discovered. The vulnerability allowed an unauthenticated, network-based attacker to control certain, important environment variables...

9.8CVSS6.9AI score0.93546EPSS
Exploits25
The Hacker News
The Hacker News
added 2023/09/19 9:30 a.m.51 views

Nearly 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability

New research has found that close to 12,000 internet-exposed Juniper firewall devices are vulnerable to a recently disclosed remote code execution flaw. VulnCheck, which discovered a new exploit for CVE-2023-36845, said it could be exploited by an "unauthenticated and remote attacker to execute...

9.8CVSS8.2AI score0.94205EPSS
Exploits28
Rapid7 Blog
Rapid7 Blog
added 2023/08/31 8:23 p.m.67 views

Exploitation of Juniper Networks SRX Series and EX Series Devices

On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices: CVE-2023-36846 Affects the SRX Series A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an...

5CVSS8.4AI score0.94205EPSS
Exploits28
BDU FSTEC
BDU FSTEC
added 2023/08/30 12:0 a.m.6 views

The vulnerability of the J-Web interface in Juniper Networks Junos OS-based SRX and EX devices allows a attacker to compromise data integrity.

The vulnerability of the J-Web interface in Juniper Networks Junos OS-based SRX and EX devices is related to a modification of the PHP external variable. Exploiting this vulnerability allows an attacker to compromise data integrity from a remote location...

5.3CVSS7.1AI score0.89628EPSS
Exploits7References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/23 12:0 a.m.8 views

The vulnerability of the J-Web interface in Juniper Networks Junos OS-based SRX devices allows a hacker to execute arbitrary code.

The vulnerability of the J-Web interface in Juniper Networks Junos OS-based SRX devices involves unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS7.1AI score0.94205EPSS
Exploits4References4Affected Software1
The Hacker News
The Hacker News
added 2023/08/19 7:38 a.m.77 views

New Juniper Junos OS Flaws Expose Devices to Remote Attacks - Patch Now

Networking hardware company Juniper Networks has released an "out-of-cycle" security update to address multiple flaws in the J-Web component of Junos OS that could be combined to achieve remote code execution on susceptible installations. The four vulnerabilities have a cumulative CVSS rating of...

9.8CVSS7.7AI score0.94205EPSS
Exploits28
CNVD
CNVD
added 2023/08/19 12:0 a.m.28 views

Juniper Networks Junos OS EX Access Control Error Vulnerability

Juniper Networks Junos OS EX is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS EX is vulnerable to an access control error vulnerability that arises from the...

5.3CVSS7.2AI score0.84692EPSS
Exploits2References1
NVD
NVD
added 2023/08/17 8:15 p.m.24 views

CVE-2023-36844

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment...

5.3CVSS5.6AI score0.89628EPSS
Exploits7References3
ATTACKERKB
ATTACKERKB
added 2023/08/17 8:15 p.m.43 views

CVE-2023-36846

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is ab...

5.3CVSS7.1AI score0.94205EPSS
In wildExploits4References3Affected Software1
OSV
OSV
added 2023/08/17 8:15 p.m.4 views

CVE-2023-36845

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution...

9.8CVSS5.9AI score0.93546EPSS
Exploits25References4
OSV
OSV
added 2023/08/17 8:15 p.m.5 views

CVE-2023-36846

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is ab...

5.3CVSS5.8AI score0.94205EPSS
Exploits4References2
Prion
Prion
added 2023/08/17 8:15 p.m.35 views

Code injection

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution...

7.5CVSS7.5AI score0.93546EPSS
Exploits25References3Affected Software1
CVE
CVE
added 2023/08/17 7:18 p.m.348 views

CVE-2023-36846

CVE-2023-36846 (Juniper Junos OS SRX Series) is a Missing Authentication for Critical Function vulnerability. An unauthenticated, network-based attacker can trigger J-Web to upload arbitrary files, leading to a loss of file-system integrity for a portion of the device. Affected Junos OS/SRX Serie...

5.3CVSS6.2AI score0.94205EPSS
In wildExploits4References2Affected Software1
Cvelist
Cvelist
added 2023/08/17 7:18 p.m.42 views

CVE-2023-36846 Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is ab...

5.3CVSS7.9AI score0.94205EPSS
Exploits4References1
CVE
CVE
added 2023/08/17 7:17 p.m.453 views

CVE-2023-36845

CVE-2023-36845 affects Juniper Junos OS J-Web on EX Series and SRX Series. Root cause: PHP external variable modification via PHPRC allows unauthenticated, network-based Remote Code Execution. Affected versions include pre-20.4R3-S9 and multiple 21.x, 22.x, 23.2 branches with various subversions;...

9.8CVSS7.7AI score0.93546EPSS
In wildExploits25References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/17 7:17 p.m.12 views

CVE-2023-36844 Junos OS: EX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control important environment variables

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment...

5.3CVSS7.1AI score0.89628EPSS
Exploits7References2
Cvelist
Cvelist
added 2023/08/17 7:16 p.m.31 views

CVE-2023-36847 Junos OS: EX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an...

5.3CVSS7.9AI score0.84692EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/08/17 12:0 a.m.6 views

Juniper Networks Junos OS EX 安全漏洞

Juniper Networks Junos OS EX is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS EX, which is caused by a PHP external variab...

9.8CVSS7.8AI score0.93546EPSS
Exploits25References8
CNNVD
CNNVD
added 2023/08/17 12:0 a.m.6 views

Juniper Networks Junos OS EX 安全漏洞

Juniper Networks Junos OS EX is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS EX, which is caused by a PHP external variab...

5.3CVSS7.2AI score0.89628EPSS
Exploits7References6
Rows per page
Query Builder