TROYANOSYVIRUS
Volver a CVEs

CVE-2023-36847

MEDIUMCISA KEV
5.3

Descripcion

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3.

Detalles CVE

Puntuacion CVSS v3.15.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado8/17/2023
Ultima modificacion2/26/2026
Fuentekev
Avistamientos honeypot0

CISA KEV

VendedorJuniper
ProductoJunos OS
Nombre vulnerabilidadJuniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability
Fecha inclusion KEV2023-11-13
Fecha limite remediacion2023-11-17
Uso en ransomwareUnknown

Productos afectados

juniper:ex2200juniper:ex2200-cjuniper:ex2200-vcjuniper:ex2300juniper:ex2300-24mpjuniper:ex2300-24pjuniper:ex2300-24tjuniper:ex2300-48mpjuniper:ex2300-48pjuniper:ex2300-48tjuniper:ex2300-cjuniper:ex2300mjuniper:ex3200juniper:ex3300juniper:ex3300-vcjuniper:ex3400juniper:ex4200juniper:ex4200-vcjuniper:ex4300juniper:ex4300-24pjuniper:ex4300-24p-sjuniper:ex4300-24tjuniper:ex4300-24t-sjuniper:ex4300-32fjuniper:ex4300-32f-dcjuniper:ex4300-32f-sjuniper:ex4300-48mpjuniper:ex4300-48mp-sjuniper:ex4300-48pjuniper:ex4300-48p-sjuniper:ex4300-48tjuniper:ex4300-48t-afijuniper:ex4300-48t-dcjuniper:ex4300-48t-dc-afijuniper:ex4300-48t-sjuniper:ex4300-48tafijuniper:ex4300-48tdcjuniper:ex4300-48tdc-afijuniper:ex4300-mpjuniper:ex4300-vcjuniper:ex4300mjuniper:ex4400juniper:ex4500juniper:ex4500-vcjuniper:ex4550juniper:ex4550-vcjuniper:ex4550\/vcjuniper:ex4600juniper:ex4600-vcjuniper:ex4650juniper:ex6200juniper:ex6210juniper:ex8200juniper:ex8200-vcjuniper:ex8208juniper:ex8216juniper:ex9200juniper:ex9204juniper:ex9208juniper:ex9214juniper:ex9250juniper:ex9251juniper:ex9253juniper:junos

Debilidades (CWE)

CWE-306CWE-306

Referencias

https://supportportal.juniper.net/JSA72300(sirt@juniper.net)
https://supportportal.juniper.net/JSA72300(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36847(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.