TROYANOSYVIRUS
Voltar para CVEs

CVE-2023-36846

MEDIUMCISA KEV
5.3

Descricao

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain  part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3.

Detalhes CVE

Pontuacao CVSS v3.15.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado8/17/2023
Ultima modificacao2/26/2026
Fontekev
Avistamentos honeypot0

CISA KEV

FornecedorJuniper
ProdutoJunos OS
Nome da vulnerabilidadeJuniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
Data inclusao KEV2023-11-13
Prazo de remediacao2023-11-17
Uso em ransomwareUnknown

Produtos afetados

juniper:junosjuniper:srx100juniper:srx110juniper:srx1400juniper:srx1500juniper:srx210juniper:srx220juniper:srx240juniper:srx240h2juniper:srx240mjuniper:srx300juniper:srx320juniper:srx340juniper:srx3400juniper:srx345juniper:srx3600juniper:srx380juniper:srx4000juniper:srx4100juniper:srx4200juniper:srx4600juniper:srx5000juniper:srx5400juniper:srx550juniper:srx550_hmjuniper:srx550mjuniper:srx5600juniper:srx5800juniper:srx650

Fraquezas (CWE)

CWE-306CWE-306

Referencias

https://supportportal.juniper.net/JSA72300(sirt@juniper.net)
https://supportportal.juniper.net/JSA72300(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36846(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.