CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-36851

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * 21.2 versions prior to 21.2R3-S8; * 21.4 versions prior to 21.4R3-S6; * 22.1 versions prior to 22.1R3-S5; * 22.2 versions prior to 22.2R3-S3; * 22.3 versions prior to 22.3R3-S2; * 22.4 versions prior to 22,4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S2, 23.2R2.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.153

EPSS Ranking 94.4%

CVSS Severity

CVSS v3 Score 5.3

Proposed Action

Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.

Ransomware Campaign

Unknown

References

Products affected by CVE-2023-36851

Juniper » Ex2200-C » Version: N/A

cpe:2.3:h:juniper:ex2200-c:-
Juniper » Ex2200-Vc » Version: N/A

cpe:2.3:h:juniper:ex2200-vc:-
Juniper » Ex2200 » Version: N/A

cpe:2.3:h:juniper:ex2200:-
Juniper » Ex2300-24mp » Version: N/A

cpe:2.3:h:juniper:ex2300-24mp:-
Juniper » Ex2300-24p » Version: N/A

cpe:2.3:h:juniper:ex2300-24p:-
Juniper » Ex2300-24t » Version: N/A

cpe:2.3:h:juniper:ex2300-24t:-
Juniper » Ex2300-48mp » Version: N/A

cpe:2.3:h:juniper:ex2300-48mp:-
Juniper » Ex2300-48p » Version: N/A

cpe:2.3:h:juniper:ex2300-48p:-
Juniper » Ex2300-48t » Version: N/A

cpe:2.3:h:juniper:ex2300-48t:-
Juniper » Ex2300-C » Version: N/A

cpe:2.3:h:juniper:ex2300-c:-
Juniper » Ex2300 » Version: N/A

cpe:2.3:h:juniper:ex2300:-
Juniper » Ex2300m » Version: N/A

cpe:2.3:h:juniper:ex2300m:-
Juniper » Ex3200 » Version: N/A

cpe:2.3:h:juniper:ex3200:-
Juniper » Ex3300-Vc » Version: N/A

cpe:2.3:h:juniper:ex3300-vc:-
Juniper » Ex3300 » Version: N/A

cpe:2.3:h:juniper:ex3300:-
Juniper » Ex3400 » Version: N/A

cpe:2.3:h:juniper:ex3400:-
Juniper » Ex4200-Vc » Version: N/A

cpe:2.3:h:juniper:ex4200-vc:-
Juniper » Ex4200 » Version: N/A

cpe:2.3:h:juniper:ex4200:-
Juniper » Ex4300-24p-S » Version: N/A

cpe:2.3:h:juniper:ex4300-24p-s:-
Juniper » Ex4300-24p » Version: N/A

cpe:2.3:h:juniper:ex4300-24p:-
Juniper » Ex4300-24t-S » Version: N/A

cpe:2.3:h:juniper:ex4300-24t-s:-
Juniper » Ex4300-24t » Version: N/A

cpe:2.3:h:juniper:ex4300-24t:-
Juniper » Ex4300-32f-Dc » Version: N/A

cpe:2.3:h:juniper:ex4300-32f-dc:-
Juniper » Ex4300-32f-S » Version: N/A

cpe:2.3:h:juniper:ex4300-32f-s:-
Juniper » Ex4300-32f » Version: N/A

cpe:2.3:h:juniper:ex4300-32f:-
Juniper » Ex4300-48mp-S » Version: N/A

cpe:2.3:h:juniper:ex4300-48mp-s:-
Juniper » Ex4300-48mp » Version: N/A

cpe:2.3:h:juniper:ex4300-48mp:-
Juniper » Ex4300-48p-S » Version: N/A

cpe:2.3:h:juniper:ex4300-48p-s:-
Juniper » Ex4300-48p » Version: N/A

cpe:2.3:h:juniper:ex4300-48p:-
Juniper » Ex4300-48t-Afi » Version: N/A

cpe:2.3:h:juniper:ex4300-48t-afi:-
Juniper » Ex4300-48t-Dc-Afi » Version: N/A

cpe:2.3:h:juniper:ex4300-48t-dc-afi:-
Juniper » Ex4300-48t-Dc » Version: N/A

cpe:2.3:h:juniper:ex4300-48t-dc:-
Juniper » Ex4300-48t-S » Version: N/A

cpe:2.3:h:juniper:ex4300-48t-s:-
Juniper » Ex4300-48t » Version: N/A

cpe:2.3:h:juniper:ex4300-48t:-
Juniper » Ex4300-48tafi » Version: N/A

cpe:2.3:h:juniper:ex4300-48tafi:-
Juniper » Ex4300-48tdc-Afi » Version: N/A

cpe:2.3:h:juniper:ex4300-48tdc-afi:-
Juniper » Ex4300-48tdc » Version: N/A

cpe:2.3:h:juniper:ex4300-48tdc:-
Juniper » Ex4300-Mp » Version: N/A

cpe:2.3:h:juniper:ex4300-mp:-
Juniper » Ex4300-Vc » Version: N/A

cpe:2.3:h:juniper:ex4300-vc:-
Juniper » Ex4300 » Version: N/A

cpe:2.3:h:juniper:ex4300:-
Juniper » Ex4300m » Version: N/A

cpe:2.3:h:juniper:ex4300m:-
Juniper » Ex4400 » Version: N/A

cpe:2.3:h:juniper:ex4400:-
Juniper » Ex4500-Vc » Version: N/A

cpe:2.3:h:juniper:ex4500-vc:-
Juniper » Ex4500 » Version: N/A

cpe:2.3:h:juniper:ex4500:-
Juniper » Ex4550-Vc » Version: N/A

cpe:2.3:h:juniper:ex4550-vc:-
Juniper » Ex4550/vc » Version: N/A

cpe:2.3:h:juniper:ex4550/vc:-
Juniper » Ex4550 » Version: N/A

cpe:2.3:h:juniper:ex4550:-
Juniper » Ex4600-Vc » Version: N/A

cpe:2.3:h:juniper:ex4600-vc:-
Juniper » Ex4600 » Version: N/A

cpe:2.3:h:juniper:ex4600:-
Juniper » Ex4650 » Version: N/A

cpe:2.3:h:juniper:ex4650:-
Juniper » Ex6200 » Version: N/A

cpe:2.3:h:juniper:ex6200:-
Juniper » Ex6210 » Version: N/A

cpe:2.3:h:juniper:ex6210:-
Juniper » Ex8200-Vc » Version: N/A

cpe:2.3:h:juniper:ex8200-vc:-
Juniper » Ex8200 » Version: N/A

cpe:2.3:h:juniper:ex8200:-
Juniper » Ex8208 » Version: N/A

cpe:2.3:h:juniper:ex8208:-
Juniper » Ex8216 » Version: N/A

cpe:2.3:h:juniper:ex8216:-
Juniper » Ex9200 » Version: N/A

cpe:2.3:h:juniper:ex9200:-
Juniper » Ex9204 » Version: N/A

cpe:2.3:h:juniper:ex9204:-
Juniper » Ex9208 » Version: N/A

cpe:2.3:h:juniper:ex9208:-
Juniper » Ex9214 » Version: N/A

cpe:2.3:h:juniper:ex9214:-
Juniper » Ex9250 » Version: N/A

cpe:2.3:h:juniper:ex9250:-
Juniper » Ex9251 » Version: N/A

cpe:2.3:h:juniper:ex9251:-
Juniper » Ex9253 » Version: N/A

cpe:2.3:h:juniper:ex9253:-
Juniper » Srx100 » Version: N/A

cpe:2.3:h:juniper:srx100:-
Juniper » Srx110 » Version: N/A

cpe:2.3:h:juniper:srx110:-
Juniper » Srx1400 » Version: N/A

cpe:2.3:h:juniper:srx1400:-
Juniper » Srx1500 » Version: N/A

cpe:2.3:h:juniper:srx1500:-
Juniper » Srx210 » Version: N/A

cpe:2.3:h:juniper:srx210:-
Juniper » Srx220 » Version: N/A

cpe:2.3:h:juniper:srx220:-
Juniper » Srx240 » Version: N/A

cpe:2.3:h:juniper:srx240:-
Juniper » Srx240h2 » Version: N/A

cpe:2.3:h:juniper:srx240h2:-
Juniper » Srx240m » Version: N/A

cpe:2.3:h:juniper:srx240m:-
Juniper » Srx300 » Version: N/A

cpe:2.3:h:juniper:srx300:-
Juniper » Srx320 » Version: N/A

cpe:2.3:h:juniper:srx320:-
Juniper » Srx3400 » Version: N/A

cpe:2.3:h:juniper:srx3400:-
Juniper » Srx340 » Version: N/A

cpe:2.3:h:juniper:srx340:-
Juniper » Srx345 » Version: N/A

cpe:2.3:h:juniper:srx345:-
Juniper » Srx3600 » Version: N/A

cpe:2.3:h:juniper:srx3600:-
Juniper » Srx380 » Version: N/A

cpe:2.3:h:juniper:srx380:-
Juniper » Srx4000 » Version: N/A

cpe:2.3:h:juniper:srx4000:-
Juniper » Srx4100 » Version: N/A

cpe:2.3:h:juniper:srx4100:-
Juniper » Srx4200 » Version: N/A

cpe:2.3:h:juniper:srx4200:-
Juniper » Srx4600 » Version: N/A

cpe:2.3:h:juniper:srx4600:-
Juniper » Srx5000 » Version: N/A

cpe:2.3:h:juniper:srx5000:-
Juniper » Srx5400 » Version: N/A

cpe:2.3:h:juniper:srx5400:-
Juniper » Srx550 » Version: N/A

cpe:2.3:h:juniper:srx550:-
Juniper » Srx550 Hm » Version: N/A

cpe:2.3:h:juniper:srx550_hm:-
Juniper » Srx550m » Version: N/A

cpe:2.3:h:juniper:srx550m:-
Juniper » Srx5600 » Version: N/A

cpe:2.3:h:juniper:srx5600:-
Juniper » Srx5800 » Version: N/A

cpe:2.3:h:juniper:srx5800:-
Juniper » Srx650 » Version: N/A

cpe:2.3:h:juniper:srx650:-
Juniper » Junos » Version: 21.2

cpe:2.3:o:juniper:junos:21.2
Juniper » Junos » Version: 21.4

cpe:2.3:o:juniper:junos:21.4
Juniper » Junos » Version: 22.1

cpe:2.3:o:juniper:junos:22.1
Juniper » Junos » Version: 22.2

cpe:2.3:o:juniper:junos:22.2
Juniper » Junos » Version: 22.3

cpe:2.3:o:juniper:junos:22.3
Juniper » Junos » Version: 22.4

cpe:2.3:o:juniper:junos:22.4
Juniper » Junos » Version: 23.2

cpe:2.3:o:juniper:junos:23.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-36851

Products

Pricing

Contact Us