Vulnerability Database

289,871

Total vulnerabilities in the database

CVE-2023-36851

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request to

webauth_operation.php

that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of

integrity or confidentiality, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on SRX Series:

21.2 versions prior to 21.2R3-S8;

  • 21.4

versions prior to

21.4R3-S6;

  • 22.1

versions prior to

22.1R3-S5;

  • 22.2

versions prior to

22.2R3-S3;

  • 22.3

versions prior to

22.3R3-S2;

  • 22.4 versions prior to 22,4R2-S2, 22.4R3;
  • 23.2 versions prior to

23.2R1-S2, 23.2R2.

  • Published: Sep 27, 2023
  • Updated: Jan 27, 2024
  • CVE: CVE-2023-36851
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.3
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWEs:

Software From Fixed in
juniper / junos 21.2-r3-s2 21.2-r3-s2.x
juniper / junos 21.2-r3-s1 21.2-r3-s1.x
juniper / junos 21.2-r3-s3 21.2-r3-s3.x
juniper / junos 21.2-r1 21.2-r1.x
juniper / junos 21.2-r1-s1 21.2-r1-s1.x
juniper / junos 21.2 21.2.x
juniper / junos 21.2-r1-s2 21.2-r1-s2.x
juniper / junos 21.2-r2-s1 21.2-r2-s1.x
juniper / junos 21.2-r2-s2 21.2-r2-s2.x
juniper / junos 21.2-r2 21.2-r2.x
juniper / junos 21.2-r3 21.2-r3.x
juniper / junos 21.2-r3-s4 21.2-r3-s4.x
juniper / junos 21.2-r3-s6 21.2-r3-s6.x
juniper / junos 21.2-r3-s5 21.2-r3-s5.x
juniper / junos 21.4-r2-s2 21.4-r2-s2.x
juniper / junos 21.4-r3 21.4-r3.x
juniper / junos 21.4-r3-s3 21.4-r3-s3.x
juniper / junos 21.4-r3-s2 21.4-r3-s2.x
juniper / junos 21.4-r3-s1 21.4-r3-s1.x
juniper / junos 21.4-r1-s1 21.4-r1-s1.x
juniper / junos 21.4-r2 21.4-r2.x
juniper / junos 21.4-r2-s1 21.4-r2-s1.x
juniper / junos 21.4-r1-s2 21.4-r1-s2.x
juniper / junos 21.4 21.4.x
juniper / junos 21.4-r1 21.4-r1.x
juniper / junos 21.4-r3-s4 21.4-r3-s4.x
juniper / junos 22.1-r3-s3 22.1-r3-s3.x
juniper / junos 22.1-r1 22.1-r1.x
juniper / junos 22.1-r3 22.1-r3.x
juniper / junos 22.1-r2-s1 22.1-r2-s1.x
juniper / junos 22.1-r3-s2 22.1-r3-s2.x
juniper / junos 22.1-r1-s2 22.1-r1-s2.x
juniper / junos 22.1-r2-s2 22.1-r2-s2.x
juniper / junos 22.1-r1-s1 22.1-r1-s1.x
juniper / junos 22.1-r2 22.1-r2.x
juniper / junos 22.1-r3-s1 22.1-r3-s1.x
juniper / junos 22.2-r1 22.2-r1.x
juniper / junos 22.2-r1-s1 22.2-r1-s1.x
juniper / junos 22.2-r2 22.2-r2.x
juniper / junos 22.2-r2-s2 22.2-r2-s2.x
juniper / junos 22.2-r3 22.2-r3.x
juniper / junos 22.2-r2-s1 22.2-r2-s1.x
juniper / junos 22.2-r1-s2 22.2-r1-s2.x
juniper / junos 22.2-r3-s1 22.2-r3-s1.x
juniper / junos 22.3-r1-s1 22.3-r1-s1.x
juniper / junos 22.3-r2-s1 22.3-r2-s1.x
juniper / junos 22.3-r1-s2 22.3-r1-s2.x
juniper / junos 22.3-r2 22.3-r2.x
juniper / junos 22.3-r1 22.3-r1.x
juniper / junos 22.4-r1-s1 22.4-r1-s1.x
juniper / junos 22.4-r1-s2 22.4-r1-s2.x
juniper / junos 22.4-r2 22.4-r2.x
juniper / junos 22.4-r1 22.4-r1.x
juniper / junos 23.2-r1 23.2-r1.x
juniper / junos 21.2-r3-s7 21.2-r3-s7.x
juniper / junos 21.4-r3-s5 21.4-r3-s5.x
juniper / junos 22.1-r3-s4 22.1-r3-s4.x
juniper / junos 22.2-r3-s2 22.2-r3-s2.x
juniper / junos 22.3-r3-s1 22.3-r3-s1.x
juniper / junos 22.3-r3 22.3-r3.x
juniper / junos 22.4-r2-s1 22.4-r2-s1.x
juniper / junos 23.2-r1-s1 23.2-r1-s1.x