{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36851", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2023-06-27T16:17:25.277Z", "datePublished": "2023-09-26T19:53:17.080Z", "dateUpdated": "2024-08-02T17:01:09.845Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["SRX Series"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.2R3-S8", "status": "affected", "version": "21.2", "versionType": "semver"}, {"lessThan": "21.4R3-S6", "status": "affected", "version": "21.4", "versionType": "semver"}, {"lessThan": "22.1R3-S5", "status": "affected", "version": "22.1", "versionType": "semver"}, {"lessThan": "22.2R3-S3", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.3R3-S2", "status": "affected", "version": "22.3", "versionType": "semver"}, {"lessThan": "22.4R2-S2, 22.4R3", "status": "affected", "version": "22.4", "versionType": "semver"}, {"lessThan": "23.2R1-S2, 23.2R2", "status": "affected", "version": "23.2", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": " \n\n\n\n\n\n\n\n<p>The following minimal configuration is necessary:</p><code>&nbsp; [system services web-management http]</code><p>or</p><code>&nbsp; [system services web-management https]</code><br>"}], "value": " \n\n\n\n\n\n\n\nThe following minimal configuration is necessary:\n\n\u00a0 [system services web-management http]or\n\n\u00a0 [system services web-management https]\n"}], "credits": [{"lang": "en", "type": "finder", "value": "The Juniper SIRT would like to acknowledge and thank watchtowr for responsibly reporting this vulnerability."}], "datePublic": "2023-09-05T19:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.<br><br>\n\nWith a specific request to \n\n<span style=\"background-color: rgb(255, 255, 255);\">webauth_operation.php</span>\n\nthat doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of \n\n<span style=\"background-color: rgb(255, 255, 255);\">integrity</span>&nbsp;or confidentiality, <span style=\"background-color: rgb(255, 255, 255);\">which may allow chaining to other vulnerabilities.</span>\n\n<br><p>This issue affects Juniper Networks Junos OS on SRX Series:</p><p></p><ul><li>\n\n<span style=\"background-color: rgb(255, 255, 255);\">21.2 versions prior to 21.2R3-S8;</span></li><li><span style=\"background-color: rgb(255, 255, 255);\">21.4 \n\nversions prior to \n\n21.4R3-S6;</span></li><li><span style=\"background-color: rgb(255, 255, 255);\">22.1 \n\nversions prior to \n\n22.1R3-S5;</span></li><li><span style=\"background-color: rgb(255, 255, 255);\">22.2 \n\nversions prior to \n\n22.2R3-S3;</span></li><li><span style=\"background-color: rgb(255, 255, 255);\">22.3 \n\nversions prior to \n\n22.3R3-S2;</span></li><li>22.4 versions prior to 22,4R2-S2, 22.4R3;</li><li>23.2 versions prior to \n\n<span style=\"background-color: rgb(255, 255, 255);\">23.2R1-S2,&nbsp;</span>23.2R2.</li></ul>"}], "value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\nWith a specific request to \n\nwebauth_operation.php\n\nthat doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of \n\nintegrity\u00a0or confidentiality, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n\n\n\n * \n\n21.2 versions prior to 21.2R3-S8;\n * 21.4 \n\nversions prior to \n\n21.4R3-S6;\n * 22.1 \n\nversions prior to \n\n22.1R3-S5;\n * 22.2 \n\nversions prior to \n\n22.2R3-S3;\n * 22.3 \n\nversions prior to \n\n22.3R3-S2;\n * 22.4 versions prior to 22,4R2-S2, 22.4R3;\n * 23.2 versions prior to \n\n23.2R1-S2,\u00a023.2R2.\n\n\n"}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n\n\n<span style=\"background-color: rgb(255, 255, 255);\">While Juniper SIRT is not aware of a successful exploit against a customer, a proof of concept has been published and exploit attempts have been detected.</span>\n\n<br>"}], "value": "\n\n\nWhile Juniper SIRT is not aware of a successful exploit against a customer, a proof of concept has been published and exploit attempts have been detected.\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-01-25T22:36:32.697Z"}, "references": [{"tags": ["vendor-advisory", "mitigation"], "url": "https://supportportal.juniper.net/JSA72300"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue:&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">21.2R3-S8*, <span style=\"background-color: rgb(255, 255, 255);\">21.4R3-S6*, <span style=\"background-color: rgb(255, 255, 255);\">22.1R3-S5*</span>, <span style=\"background-color: rgb(255, 255, 255);\">22.2R3-S3*, <span style=\"background-color: rgb(255, 255, 255);\">22.3R3-S2*, </span></span></span></span><span style=\"background-color: rgb(255, 255, 255);\">22.4R2-S2, </span><span style=\"background-color: rgb(255, 255, 255);\">22.4R3*, </span><span style=\"background-color: rgb(255, 255, 255);\">23.2R1-S2, </span><span style=\"background-color: rgb(255, 255, 255);\">23.2R2*, </span><span style=\"background-color: rgb(255, 255, 255);\">23.4R1</span><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">,</span></span>&nbsp;and all subsequent releases.<br>*Pending Publication<br>"}], "value": "The following software releases have been updated to resolve this specific issue:\u00a021.2R3-S8*, 21.4R3-S6*, 22.1R3-S5*, 22.2R3-S3*, 22.3R3-S2*, 22.4R2-S2, 22.4R3*, 23.2R1-S2, 23.2R2*, 23.4R1,\u00a0and all subsequent releases.\n*Pending Publication\n"}], "source": {"advisory": "JSA72300", "defect": ["1758332"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2023-09-05T19:00:00.000Z", "value": "Initial CVE publication"}, {"lang": "en", "time": "2023-11-08T17:00:00.000Z", "value": "Juniper SIRT is now aware of successful exploitation"}], "title": "Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload and download arbitrary files", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n\n\n\n\nDisable J-Web, or limit access to only trusted hosts.<br>"}], "value": "\n\n\n\n\nDisable J-Web, or limit access to only trusted hosts.\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:01:09.845Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "mitigation", "x_transferred"], "url": "https://supportportal.juniper.net/JSA72300"}]}]}}

{}

{"cisaActionDue": "2023-11-17", "cisaExploitAdd": "2023-11-13", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:juniper:ex2200:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE3D4F71-8476-4F0D-A976-A308D6483D6D", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex2200-c:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7BD5636-93D5-4C06-964F-00055DF6B2B8", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex2200-vc:-:*:*:*:*:*:*:*", "matchCriteriaId": "D066A90D-F7F2-4EA5-8F0C-D0E189DDB05D", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B3302CB-457F-4BD2-B80B-F70FB4C4542E", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex2300-24mp:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3A0D9C0-34D3-430F-ABFA-B68010A8825D", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex2300-24p:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E04B126-F290-4242-BB80-5F573D623E6E", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex2300-24t:-:*:*:*:*:*:*:*", "matchCriteriaId": "671D9977-7657-48C7-A07C-4AED54380A86", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex2300-48mp:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E100C3C-070D-4132-927F-756538B91491", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex2300-48p:-:*:*:*:*:*:*:*", "matchCriteriaId": "2032E7DD-96FD-48B7-922C-5FE04675796C", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex2300-48t:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D907D6A-B7C4-4A10-AA58-0F908575A435", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*", "matchCriteriaId": "979C3597-C53B-4F4B-9EA7-126DA036C86D", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex2300m:-:*:*:*:*:*:*:*", "matchCriteriaId": "62A536DA-5A57-4255-AB22-F99F8B7FF62A", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex3200:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C7A20FC-A19F-4881-A0E8-C440E9FE60D0", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex3300:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC326549-217D-4194-8310-AB398D6FF3F0", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex3300-vc:-:*:*:*:*:*:*:*", "matchCriteriaId": "D32B9B26-8BF0-4C56-A9BF-D9BBAEA50506", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*", "matchCriteriaId": "47DAF5E7-E610-4D74-8573-41C16D642837", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4200:-:*:*:*:*:*:*:*", "matchCriteriaId": "53269C69-3D1E-4F05-8EF6-81743D7A699E", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4200-vc:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0F54ADF-7C13-4AA6-B61E-627D4DBB1CF3", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*", "matchCriteriaId": "E594D6DC-87F6-40D2-8268-ED6021462168", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-24p:-:*:*:*:*:*:*:*", "matchCriteriaId": "7BEA4BC3-093F-4DE6-BED1-2C7D2FC2C8A5", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-24p-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "592377CC-4044-4FDD-A3DF-CBF25754EE4D", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-24t:-:*:*:*:*:*:*:*", "matchCriteriaId": "D12E8275-EF6B-44F9-A7D8-A769CDB5EED5", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-24t-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "D3E63215-246E-49F3-A537-8A90D512DAB0", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-32f:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD1A5E69-928A-41A0-8B9B-91F307D99854", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-32f-dc:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B71953D-016D-4E72-B598-55667A507681", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-32f-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "CABBC37B-EB93-424D-A1E7-4686039C0955", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-48mp:-:*:*:*:*:*:*:*", "matchCriteriaId": "24526B69-E3E3-4249-80A4-A886BED5C07E", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-48mp-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2209605-65B6-44B3-9700-9EC543BF2408", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-48p:-:*:*:*:*:*:*:*", "matchCriteriaId": "C3C348CF-65C1-4A53-8F4F-99B5A4113679", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-48p-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "60CB5F91-DC40-4D09-BB93-4539B8581877", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-48t:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADE8EB69-95DD-44E9-80A6-F2B5E34BBD5B", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-48t-afi:-:*:*:*:*:*:*:*", "matchCriteriaId": "EEEDB14F-E74A-4C48-A969-1D22D7F7C7C8", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-48t-dc:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBE3866E-109E-479F-9FFE-3F6E81C0DE7C", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-48t-dc-afi:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A17D793-5F01-4818-956D-D6BC5A6C4CEE", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-48t-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF4C3E8E-C8B4-42A5-8DB6-7E8114FCC030", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-48tafi:-:*:*:*:*:*:*:*", "matchCriteriaId": "77AF34EC-A154-4042-BE0B-B2BA9EEDEE93", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-48tdc:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9FD3D9F-B49C-48EC-8AE1-FE3B399809DE", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-48tdc-afi:-:*:*:*:*:*:*:*", "matchCriteriaId": "10DC1840-7409-4BD0-9522-B55B1166CF9C", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-mp:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9EECCB3-37B3-4146-8F8C-4BBFF84499E9", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300-vc:-:*:*:*:*:*:*:*", "matchCriteriaId": "303ADB06-5CB5-44DA-8387-39FACC539EF0", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4300m:-:*:*:*:*:*:*:*", "matchCriteriaId": "F07B0E0B-D2F2-4CF1-A8EA-A1E8DE83BBB4", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B43F6CB-0595-4957-8B3B-ADD4EA84D8C2", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4500:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDEE8AE4-B393-442C-AD68-4AC43E76A8F3", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4500-vc:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D842407-7A13-47C7-BBC9-FB0E978221CB", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4550:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7E98077-92AF-4E3E-96F0-2E6F9D6343D9", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4550-vc:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B84C72A-C314-46FB-8DD8-1DF29C6C4B0D", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4550\\/vc:-:*:*:*:*:*:*:*", "matchCriteriaId": "3612D798-7A5F-4068-A5A2-92173893450E", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1BB20B5-EA30-4E8E-9055-2E629648436A", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4600-vc:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3ECB975-D1A0-4318-9C5E-752A3C98F76F", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B425BB1-3C78-42B1-A6C1-216E514191F0", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex6200:-:*:*:*:*:*:*:*", "matchCriteriaId": "F6CC1C89-B37F-4C5F-9F79-12997C79711D", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex6210:-:*:*:*:*:*:*:*", "matchCriteriaId": "71FF88C7-89CB-4E04-BADA-AD64F8060C6C", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex8200:-:*:*:*:*:*:*:*", "matchCriteriaId": "4AFE829C-325D-4E66-A6A2-A81BE8BCAB72", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex8200-vc:-:*:*:*:*:*:*:*", "matchCriteriaId": "B74B12A6-1CE2-4293-ABA5-E3F23E15485C", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex8208:-:*:*:*:*:*:*:*", "matchCriteriaId": "72E67A5A-0DFF-42D9-81A7-570E9BCA463D", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex8216:-:*:*:*:*:*:*:*", "matchCriteriaId": "B51C5371-51E9-40AE-8619-BC1267DD1D08", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex9200:-:*:*:*:*:*:*:*", "matchCriteriaId": "D08A8D94-134A-41E7-8396-70D8B0735E9C", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex9204:-:*:*:*:*:*:*:*", "matchCriteriaId": "86E82CE3-F43D-4B29-A64D-B14ADB6CC357", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex9208:-:*:*:*:*:*:*:*", "matchCriteriaId": "13C0199E-B9F0-41D3-B625-083990517CDF", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex9214:-:*:*:*:*:*:*:*", "matchCriteriaId": "8790B456-DFC7-4E82-9A0C-C89787139B79", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex9250:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CCB1E61-07A1-40B0-B616-F1A6E06D11C4", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex9251:-:*:*:*:*:*:*:*", "matchCriteriaId": "079290E9-DCC5-43F7-9480-64874DBF2696", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:ex9253:-:*:*:*:*:*:*:*", "matchCriteriaId": "2EA71434-CCBF-4A55-8B30-D213A43E8641", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*", "matchCriteriaId": "561C1113-3D59-4DD9-ADA7-3C9ECC4632EC", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*", "matchCriteriaId": "78C6D8A0-92D3-4FD3-BCC1-CC7C87B76317", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*", "matchCriteriaId": "927EAB8B-EC3B-4B12-85B9-5517EBA49A30", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD647C15-A686-4C8F-A766-BC29404C0FED", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*", "matchCriteriaId": "45AB1622-1AED-4CD7-98F1-67779CDFC321", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*", "matchCriteriaId": "89276D88-3B8D-4168-A2CD-0920297485F2", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx240h2:-:*:*:*:*:*:*:*", "matchCriteriaId": "E020556B-693F-4963-BA43-3164AB50FA49", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx240m:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB0D31FF-0812-42B8-B25E-03C35EC1B021", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*", "matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*", "matchCriteriaId": "746C3882-2A5B-4215-B259-EB1FD60C513D", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDE64EC0-7E42-43AF-A8FA-1A233BD3E3BC", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*", "matchCriteriaId": "2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx4000:-:*:*:*:*:*:*:*", "matchCriteriaId": "06A03463-6B1D-4DBA-9E89-CAD5E899B98B", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*", "matchCriteriaId": "56BA6B86-D3F4-4496-AE46-AC513C6560FA", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "5ABA347C-3EF3-4F75-B4D1-54590A57C2BC", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*", "matchCriteriaId": "62FC145A-D477-4C86-89E7-F70F52773801", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx550_hm:-:*:*:*:*:*:*:*", "matchCriteriaId": "06685D0E-A075-49A5-9EF4-34F0F795C8C6", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx550m:-:*:*:*:*:*:*:*", "matchCriteriaId": "52F0B735-8C49-4B08-950A-296C9CDE43CA", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*", "matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B", "vulnerable": false}, {"criteria": "cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AA424D4-4DBF-4E8C-96B8-E37741B5403E", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*", "matchCriteriaId": "2307BF56-640F-49A8-B060-6ACB0F653A61", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s6:*:*:*:*:*:*", "matchCriteriaId": "737DDF96-7B1D-44E2-AD0F-E2F50858B2A3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s7:*:*:*:*:*:*", "matchCriteriaId": "35E0BB39-18AE-4FAD-A528-FDFF6222DDE5", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*", "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "3B457616-2D91-4913-9A7D-038BBF8F1F66", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s5:*:*:*:*:*:*", "matchCriteriaId": "C470FB4E-A927-4AF3-ACB0-AD1E264218B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*", "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s3:*:*:*:*:*:*", "matchCriteriaId": "EFF72FCA-C440-4D43-9BDB-F712DB413717", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s4:*:*:*:*:*:*", "matchCriteriaId": "DE69E9E3-00FC-41BF-9109-617668CF9A0B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*", "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s2:*:*:*:*:*:*", "matchCriteriaId": "60CEA89D-BAC4-41CD-A1D1-AA5EDDEBD54A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*", "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.3:r3:*:*:*:*:*:*", "matchCriteriaId": "FB4C0FBF-8813-44E5-B71A-22CBAA603E2F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.3:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "8BCDE58C-80CC-4C5A-9667-8A4468D8D76C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*", "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*", "matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*", "matchCriteriaId": "4B3B2FE1-C228-46BE-AC76-70C2687050AE", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "F1B16FF0-900F-4AEE-B670-A537139F6909", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\nWith a specific request to \n\nwebauth_operation.php\n\nthat doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of \n\nintegrity\u00a0or confidentiality, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n\n\n\n * \n\n21.2 versions prior to 21.2R3-S8;\n * 21.4 \n\nversions prior to \n\n21.4R3-S6;\n * 22.1 \n\nversions prior to \n\n22.1R3-S5;\n * 22.2 \n\nversions prior to \n\n22.2R3-S3;\n * 22.3 \n\nversions prior to \n\n22.3R3-S2;\n * 22.4 versions prior to 22,4R2-S2, 22.4R3;\n * 23.2 versions prior to \n\n23.2R1-S2,\u00a023.2R2.\n\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de autenticaci\u00f3n faltante para funciones cr\u00edticas en Juniper Networks Junos OS en la serie SRX permite que un atacante basado en red no autenticado cause un impacto limitado en la integridad del sistema de archivos. Con una solicitud espec\u00edfica a webauth_operation.php que no requiere autenticaci\u00f3n, un atacante puede cargar archivos arbitrarios a trav\u00e9s de J-Web, lo que provoca una p\u00e9rdida de integridad de una determinada parte del sistema de archivos, lo que puede permitir el encadenamiento a otras vulnerabilidades. . Este problema afecta a Juniper Networks Junos OS en la serie SRX: * Versiones 22.4 anteriores a 22,4R2-S2, 22.4R3; * Versiones 23.2 anteriores a 23.2R2."}], "id": "CVE-2023-36851", "lastModified": "2024-06-26T20:17:05.403", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2023-09-27T15:18:54.877", "references": [{"source": "sirt@juniper.net", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://supportportal.juniper.net/JSA72300"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

{}