377 matches found
CVE-2023-36851 Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload and download arbitrary files
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...
MTN Group: Remote code execution [CVE-2023-36845]
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series was discovered. The vulnerability allowed an unauthenticated, network-based attacker to control certain, important environment variables...
Nearly 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability
New research has found that close to 12,000 internet-exposed Juniper firewall devices are vulnerable to a recently disclosed remote code execution flaw. VulnCheck, which discovered a new exploit for CVE-2023-36845, said it could be exploited by an "unauthenticated and remote attacker to execute...
Exploitation of Juniper Networks SRX Series and EX Series Devices
On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices: CVE-2023-36846 Affects the SRX Series A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an...
The vulnerability of the J-Web interface in Juniper Networks Junos OS-based SRX and EX devices allows a attacker to compromise data integrity.
The vulnerability of the J-Web interface in Juniper Networks Junos OS-based SRX and EX devices is related to a modification of the PHP external variable. Exploiting this vulnerability allows an attacker to compromise data integrity from a remote location...
The vulnerability of the J-Web interface in Juniper Networks Junos OS-based SRX devices allows a hacker to execute arbitrary code.
The vulnerability of the J-Web interface in Juniper Networks Junos OS-based SRX devices involves unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
New Juniper Junos OS Flaws Expose Devices to Remote Attacks - Patch Now
Networking hardware company Juniper Networks has released an "out-of-cycle" security update to address multiple flaws in the J-Web component of Junos OS that could be combined to achieve remote code execution on susceptible installations. The four vulnerabilities have a cumulative CVSS rating of...
Juniper Networks Junos OS EX Access Control Error Vulnerability
Juniper Networks Junos OS EX is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS EX is vulnerable to an access control error vulnerability that arises from the...
CVE-2023-36844
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment...
CVE-2023-36846
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is ab...
CVE-2023-36845
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution...
CVE-2023-36846
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is ab...
Code injection
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution...
CVE-2023-36846
CVE-2023-36846 (Juniper Junos OS SRX Series) is a Missing Authentication for Critical Function vulnerability. An unauthenticated, network-based attacker can trigger J-Web to upload arbitrary files, leading to a loss of file-system integrity for a portion of the device. Affected Junos OS/SRX Serie...
CVE-2023-36846 Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is ab...
CVE-2023-36845
CVE-2023-36845 affects Juniper Junos OS J-Web on EX Series and SRX Series. Root cause: PHP external variable modification via PHPRC allows unauthenticated, network-based Remote Code Execution. Affected versions include pre-20.4R3-S9 and multiple 21.x, 22.x, 23.2 branches with various subversions;...
CVE-2023-36844 Junos OS: EX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control important environment variables
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment...
CVE-2023-36847 Junos OS: EX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an...
Juniper Networks Junos OS EX 安全漏洞
Juniper Networks Junos OS EX is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS EX, which is caused by a PHP external variab...
Juniper Networks Junos OS EX 安全漏洞
Juniper Networks Junos OS EX is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS EX, which is caused by a PHP external variab...