With a specific request to installAppPackage.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on EX Series:
* All versions prior to 20.4R3-S8;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S4;
* 22.1 versions prior to 22.1R3-S3;
* 22.2 versions prior to 22.2R3-S1;
* 22.3 versions prior to 22.3R2-S2, 22.3R3;
* 22.4 versions prior to 22.4R2-S1, 22.4R3.
Metrics
No CVSS v4.0
Attack Vector Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact None
Integrity Impact Low
Availability Impact None
User Interaction None
No CVSS v3.0
No CVSS v2
This CVE is in the KEV database since Nov. 13, 2023.
The EPSS score is 0.94278.
Exploitation active
Automatable yes
Technical Impact total
Affected Vendors & Products
Vendors | Products |
---|---|
Juniper |
No advisories yet.
Solution
The following software releases have been updated to resolve this specific issue: 20.4R3-S8, 21.2R3-S6, 21.3R3-S5*, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3*, 23.2R1, and all subsequent releases. *Pending Publication
Workaround
Disable J-Web, or limit access to only trusted hosts.
Link | Providers |
---|---|
https://supportportal.juniper.net/JSA72300 |
Mon, 03 Feb 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
kev
|

Status: PUBLISHED
Assigner: juniper
Published:
Updated: 2025-07-30T01:37:19.999Z
Reserved: 2023-06-27T16:17:25.277Z
Link: CVE-2023-36847

Updated: 2024-08-02T17:01:09.811Z

Status : Analyzed
Published: 2023-08-17T20:15:10.553
Modified: 2025-01-27T21:40:15.840
Link: CVE-2023-36847
