Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-36847

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3.

Published

2023-08-17T20:15:10.553

Last Modified

2025-01-27T21:40:15.840

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-306
Type: Primary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	juniper	junos	< 20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Hardware	juniper	ex2200	-	No
Hardware	juniper	ex2200-c	-	No
Hardware	juniper	ex2200-vc	-	No
Hardware	juniper	ex2300	-	No
Hardware	juniper	ex2300-24mp	-	No
Hardware	juniper	ex2300-24p	-	No
Hardware	juniper	ex2300-24t	-	No
Hardware	juniper	ex2300-48mp	-	No
Hardware	juniper	ex2300-48p	-	No
Hardware	juniper	ex2300-48t	-	No
Hardware	juniper	ex2300-c	-	No
Hardware	juniper	ex2300m	-	No
Hardware	juniper	ex3200	-	No
Hardware	juniper	ex3300	-	No
Hardware	juniper	ex3300-vc	-	No
Hardware	juniper	ex3400	-	No
Hardware	juniper	ex4200	-	No
Hardware	juniper	ex4200-vc	-	No
Hardware	juniper	ex4300	-	No
Hardware	juniper	ex4300-24p	-	No
Hardware	juniper	ex4300-24p-s	-	No
Hardware	juniper	ex4300-24t	-	No
Hardware	juniper	ex4300-24t-s	-	No
Hardware	juniper	ex4300-32f	-	No
Hardware	juniper	ex4300-32f-dc	-	No
Hardware	juniper	ex4300-32f-s	-	No
Hardware	juniper	ex4300-48mp	-	No
Hardware	juniper	ex4300-48mp-s	-	No
Hardware	juniper	ex4300-48p	-	No
Hardware	juniper	ex4300-48p-s	-	No
Hardware	juniper	ex4300-48t	-	No
Hardware	juniper	ex4300-48t-afi	-	No
Hardware	juniper	ex4300-48t-dc	-	No
Hardware	juniper	ex4300-48t-dc-afi	-	No
Hardware	juniper	ex4300-48t-s	-	No
Hardware	juniper	ex4300-48tafi	-	No
Hardware	juniper	ex4300-48tdc	-	No
Hardware	juniper	ex4300-48tdc-afi	-	No
Hardware	juniper	ex4300-mp	-	No
Hardware	juniper	ex4300-vc	-	No
Hardware	juniper	ex4300m	-	No
Hardware	juniper	ex4400	-	No
Hardware	juniper	ex4500	-	No
Hardware	juniper	ex4500-vc	-	No
Hardware	juniper	ex4550	-	No
Hardware	juniper	ex4550-vc	-	No
Hardware	juniper	ex4550\/vc	-	No
Hardware	juniper	ex4600	-	No
Hardware	juniper	ex4600-vc	-	No
Hardware	juniper	ex4650	-	No
Hardware	juniper	ex6200	-	No
Hardware	juniper	ex6210	-	No
Hardware	juniper	ex8200	-	No
Hardware	juniper	ex8200-vc	-	No
Hardware	juniper	ex8208	-	No
Hardware	juniper	ex8216	-	No
Hardware	juniper	ex9200	-	No
Hardware	juniper	ex9204	-	No
Hardware	juniper	ex9208	-	No
Hardware	juniper	ex9214	-	No
Hardware	juniper	ex9250	-	No
Hardware	juniper	ex9251	-	No
Hardware	juniper	ex9253	-	No

References

https://supportportal.juniper.net/JSA72300 Vendor Advisory ([email protected])
https://supportportal.juniper.net/JSA72300 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)