Vulnerability Change Records for CVE-2023-36851

Change History

CVE Modified by Juniper Networks, Inc. 1/25/2024 6:15:08 PM

Action: Changed
Type: Description

Old Value:

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on SRX Series:

  *  22.4 versions prior to 22,4R2-S2, 22.4R3;
  *  23.2 versions prior to 23.2R2.

New Value:

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on SRX Series:

  *  21.2 versions prior to 21.2R3-S8;
  *  21.4 versions prior to 21.4R3-S6;
  *  22.1 versions prior to 22.1R3-S5;
  *  22.2 versions prior to 22.2R3-S3;
  *  22.3 versions prior to 22.3R3-S2;
  *  22.4 versions prior to 22,4R2-S2, 22.4R3;
  *  23.2 versions prior to 23.2R1-S2, 23.2R2.