logo
Vulnerability feed
Contributors
About
Blog
CONTRIBUTE

Vulnerability

warn

CVE-2023-36851

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2023-36851

Description:
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * 22.4 versions prior to 22,4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R2.
Last updated date:
09/28/2023

Reports

alt

ACTIVELY EXPLOITED

Type:
exploitation
Confidence:
HIGH
Date of publishing:
11/08/2023
Reference url to background

https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US

Type:
exploitation
Confidence:
HIGH
Date of publishing:
11/13/2023
Reference url to background

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2023

Privacy Policy