PromptRiskDBThreat intelligence atlas

CVE-2023-36851 - Juniper Junos OS

AI Vulnerability Context

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, wh...

Overview

A source-backed snapshot of this vulnerability.

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request to

webauth_operation.php

that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of

integrity or confidentiality, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on SRX Series:

*

21.2 versions prior to 21.2R3-S8;

  • 21.4

versions prior to

21.4R3-S6;

  • 22.1

versions prior to

22.1R3-S5;

  • 22.2

versions prior to

22.2R3-S3;

  • 22.3

versions prior to

22.3R3-S2;

  • 22.4 versions prior to 22,4R2-S2, 22.4R3;
  • 23.2 versions prior to

23.2R1-S2, 23.2R2.

CISA KEVyesWhether CISA lists this as exploited.
Techniques0AI attack methods connected to this vulnerability.
Case studies0Examples where this vulnerability is mentioned.

Vulnerability status

How serious this vulnerability is and whether it is known to be exploited.

CISA KEVMEDIUM
CVE ID
CVE-2023-36851
Vendor/project
Juniper
Product
Junos OS
Vulnerability name
Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
Date added
2023-11-13
Due date
2023-11-17
Known ransomware campaign use
Unknown
CVSS v3
5.3
CWE-306

Exploit context

What the vulnerability is about.

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request to

webauth_operation.php

that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of

integrity or confidentiality, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on SRX Series:

*

21.2 versions prior to 21.2R3-S8;

  • 21.4

versions prior to

21.4R3-S6;

  • 22.1

versions prior to

22.1R3-S5;

  • 22.2

versions prior to

22.2R3-S3;

  • 22.3

versions prior to

22.3R3-S2;

  • 22.4 versions prior to 22,4R2-S2, 22.4R3;
  • 23.2 versions prior to

23.2R1-S2, 23.2R2.

Source evidence

Original public records and references for this page.

Original source

Original source links

Open the public records and source datasets used for this page.