CVE-2023-36846
Scores
EPSS
0.943high94.3%
0%20%40%60%80%100%
Percentile: 94.3%
CVSS
5.3medium3.x
0246810
CVSS Score: 5.3/10
All CVSS Scores
CVSS 3.x
5.3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vector Breakdown
CVSS (Common Vulnerability Scoring System) vector provides detailed metrics about vulnerability characteristics
CVSS
Attack Vector
Network (N)
Describes how the vulnerability is exploited
AV:N
Attack Complexity
Low (L)
Describes the conditions beyond the attacker's control
AC:L
Privileges Required
None (N)
Describes the level of privileges an attacker must possess
PR:N
User Interaction
None (N)
Captures the requirement for a human user participation
UI:N
Scope
Unchanged (U)
Determines if a successful attack impacts components beyond the vulnerable component
S:U
Confidentiality Impact
None (N)
Measures the impact to the confidentiality of information
C:N
Integrity Impact
Low (L)
Measures the impact to integrity of a successfully exploited vulnerability
I:L
Availability Impact
None (N)
Measures the impact to the availability of the impacted component
A:N
Description
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
With a specific request to user.php that doesn’t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of
integrity
for a certain
part of the file system, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on SRX Series:
- All versions prior to 20.4R3-S8;
- 21.1 versions 21.1R1 and later;
- 21.2 versions prior to 21.2R3-S6;
- 21.3 versions
prior to
21.3R3-S5;
* 21.4 versions
prior to
21.4R3-S5;
* 22.1 versions
prior to
22.1R3-S3;
* 22.2 versions
prior to
22.2R3-S2;
* 22.3 versions
prior to
22.3R2-S2, 22.3R3;
* 22.4 versions
prior to
22.4R2-S1, 22.4R3.
Scaner-VS 7 — a modern vulnerability management solution
Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7Sources
nvd
CWEs
CWE-306
Related Vulnerabilities
Exploits
Vulnerable Software (1)
Type: Configuration
Vendor: juniper
Product: junos
Operating System: * * *
Trait:
{ "children": [ { "cpe_match": [ { "cpe23uri": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "versionEndExcluding": "20.4", "vulnerable": true },...
{ "children": [ { "cpe_match": [ { "cpe23uri": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", "versionEndExcluding": "20.4", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.1:r3-s5:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*", "vulnerable": true }, { "cpe23uri": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*", "vulnerable": true } ], "operator": "OR" }, { "cpe_match": [ { "cpe23uri": "cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx240h2:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx240m:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx4000:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx5000:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx550_hm:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx550m:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*" }, { "cpe23uri": "cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*" } ], "operator": "OR" } ], "operator": "AND"}
Source: nvd