CVE-2023-36846
Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files
In short
A weakness in J-Web on Juniper SRX firewalls allows anyone who can reach the web interface over the network to upload files without logging in, potentially damaging system files and creating opportunities for further attacks.
Technical detail
Missing authentication on the user.php endpoint in J-Web lets an unauthenticated attacker upload arbitrary files with a single HTTP request, compromising file system integrity on affected SRX devices. This CWE-306 (Missing Authentication for Critical Function) vulnerability can be chained with other flaws to escalate impact on vulnerable Junos OS versions.
Summary generated and translated by AI from the official description.
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
With a specific request to user.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on SRX Series:
* All versions prior to 20.4R3-S8;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S5;
* 22.1 versions prior to 22.1R3-S3;
* 22.2 versions prior to 22.2R3-S2;
* 22.3 versions prior to 22.3R2-S2, 22.3R3;
* 22.4 versions prior to 22.4R2-S1, 22.4R3.
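The affected-version list above is awkward to apply by hand across a fleet because Junos release strings carry a release number (R) and an optional service release (S). The following is an added example, not code from Juniper or from this page, that parses those strings and applies exactly the ranges listed in the advisory; it assumes the common major.minor R release [.build] [-S service] format and treats a missing S suffix as S0. A match only means the software version is in the affected range; whether J-Web is actually enabled and reachable must be checked separately.

```python
import re
from typing import NamedTuple


class JunosVersion(NamedTuple):
    major: int
    minor: int
    release: int   # the "R" number
    service: int   # the "-S" number, 0 when absent


# major.minor R release [.build] [-S service]; the build number is ignored
# for ordering purposes (assumption: S releases order within the same R).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.\d+)?(?:-S(\d+))?")


def parse_junos_version(text: str) -> JunosVersion:
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {text!r}")
    major, minor, release, service = m.groups()
    return JunosVersion(int(major), int(minor), int(release), int(service or 0))


# First fixed release per train, copied from the CVE-2023-36846 advisory text.
_FIRST_FIXED = {
    (21, 2): "21.2R3-S6",
    (21, 3): "21.3R3-S5",
    (21, 4): "21.4R3-S5",
    (22, 1): "22.1R3-S3",
    (22, 2): "22.2R3-S2",
    (22, 3): "22.3R2-S2",   # 22.3R3 is also fixed and sorts above this
    (22, 4): "22.4R2-S1",   # 22.4R3 is also fixed and sorts above this
}


def is_affected(text: str) -> bool:
    """True if the given Junos OS version falls in an affected range."""
    v = parse_junos_version(text)
    # "All versions prior to 20.4R3-S8" covers every older train as well.
    if v < parse_junos_version("20.4R3-S8"):
        return True
    # "21.1 versions 21.1R1 and later": the whole 21.1 train has no fix.
    if (v.major, v.minor) == (21, 1):
        return True
    fixed = _FIRST_FIXED.get((v.major, v.minor))
    return fixed is not None and v < parse_junos_version(fixed)
```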
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected products
Juniper Networks · Junos OS