NVD

Vulnerability Change Records for CVE-2023-36851

Change History

CVE Modified by Juniper Networks, Inc. 1/25/2024 6:15:08 PM

Action

Type

Old Value

New Value

Changed

Description

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.



With a specific request to 

webauth_operation.php

that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of 

integrity

for a certain part of the file system, which may allow chaining to other vulnerabilities.


This issue affects Juniper Networks Junos OS on SRX Series:



  *  22.4 versions prior to 22,4R2-S2, 22.4R3;
  *  23.2 versions prior to 23.2R2.

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.



With a specific request to 

webauth_operation.php

that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of 

integrity or confidentiality, which may allow chaining to other vulnerabilities.


This issue affects Juniper Networks Junos OS on SRX Series:



  *  

21.2 versions prior to 21.2R3-S8;
  *  21.4 

versions prior to 

21.4R3-S6;
  *  22.1 

versions prior to 

22.1R3-S5;
  *  22.2 

versions prior to 

22.2R3-S3;
  *  22.3 

versions prior to 

22.3R3-S2;
  *  22.4 versions prior to 22,4R2-S2, 22.4R3;
  *  23.2 versions prior to 

23.2R1-S2, 23.2R2.

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

Vulnerability Change Records for CVE-2023-36851

Change History

CVE Modified by Juniper Networks, Inc. 1/25/2024 6:15:08 PM