PT-2023-4457 · Juniper Networks · Junos

Published: 2023-08-17 · Updated: 2025-10-24 · CVE-2023-36846

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS on SRX Series versions prior to 20.4R3-S8
Juniper Networks Junos OS on SRX Series version 21.1R1 and later
Juniper Networks Junos OS on SRX Series versions prior to 21.2R3-S6
Juniper Networks Junos OS on SRX Series versions prior to 21.3R3-S5
Juniper Networks Junos OS on SRX Series versions prior to 21.4R3-S5
Juniper Networks Junos OS on SRX Series versions prior to 22.1R3-S3
Juniper Networks Junos OS on SRX Series versions prior to 22.2R3-S2
Juniper Networks Junos OS on SRX Series versions prior to 22.3R2-S2, 22.3R3
Juniper Networks Junos OS on SRX Series versions prior to 22.4R2-S1, 22.4R3
Description

A Missing Authentication for Critical Function issue in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a limited impact on file-system integrity. With a specific request to user.php that does not require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. It is estimated that around 11086 devices worldwide, including 130 in a specific country, may be affected.
Recommendations

For versions prior to 20.4R3-S8, update to version 20.4R3-S8 or later.
For version 21.1R1 and later, update to a version that includes the fix for this issue.
For versions prior to 21.2R3-S6, update to version 21.2R3-S6 or later.
For versions prior to 21.3R3-S5, update to version 21.3R3-S5 or later.
For versions prior to 21.4R3-S5, update to version 21.4R3-S5 or later.
For versions prior to 22.1R3-S3, update to version 22.1R3-S3 or later.
For versions prior to 22.2R3-S2, update to version 22.2R3-S2 or later.
For versions prior to 22.3R2-S2, 22.3R3, update to a version that includes the fix for this issue.
For versions prior to 22.4R2-S1, 22.4R3, update to a version that includes the fix for this issue.

As a temporary workaround, consider disabling the J-Web interface until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the user.php endpoint in the affected API until the issue is resolved.
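The affected-version list above has two shapes that are easy to misread when checking an inventory by hand: the 21.1 train is affected at every release with no fixed build listed, and the 22.3 and 22.4 trains name two fixed builds each (a service release on the older R release and the next R release). The following Python is an added example, not part of this advisory or of Juniper's own tooling; it encodes the version ranges exactly as the advisory states them and flags which devices in a constructed sample inventory still need an update. It assumes Junos versions are compared as (major, minor, R release, S service release) tuples and that trains newer than 22.4 are outside this advisory's scope.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, R release, S service release)

# A Junos version such as "22.3R2-S2" is major.minor, an R release number and an
# optional -S service-release number. Any trailing build suffix is ignored for
# comparison purposes (assumption made by this example).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")


def parse_version(text: str) -> Version:
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {text!r}")
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor), int(rel), int(svc or 0))


# First fixed build(s) per release train, taken from the advisory's recommendations.
# An empty list means no fixed build exists on that train (21.1R1 and later is
# affected outright). Where two builds are listed, anything at or above the lower
# one compares as fixed, which also covers the later R release.
FIRST_FIXED: Dict[Tuple[int, int], List[str]] = {
    (20, 4): ["20.4R3-S8"],
    (21, 1): [],
    (21, 2): ["21.2R3-S6"],
    (21, 3): ["21.3R3-S5"],
    (21, 4): ["21.4R3-S5"],
    (22, 1): ["22.1R3-S3"],
    (22, 2): ["22.2R3-S2"],
    (22, 3): ["22.3R2-S2", "22.3R3"],
    (22, 4): ["22.4R2-S1", "22.4R3"],
}

NEWEST_LISTED_TRAIN = (22, 4)


def is_affected(version_text: str) -> bool:
    """True if this SRX Junos version falls inside the advisory's affected ranges."""
    v = parse_version(version_text)
    train = v[:2]
    # "versions prior to 20.4R3-S8" also covers every train older than 20.4.
    if train < (20, 4):
        return True
    # Trains newer than any the advisory lists are treated as out of scope
    # (assumption: the advisory enumerates every affected train).
    if train > NEWEST_LISTED_TRAIN:
        return False
    fixed = FIRST_FIXED[train]
    if not fixed:
        return True
    return v < min(parse_version(f) for f in fixed)


def recommended_fix(version_text: str) -> Optional[str]:
    """First fixed build on the device's own train, or None when the device is
    not affected or its train has no fixed build (a train change is required)."""
    if not is_affected(version_text):
        return None
    fixed = FIRST_FIXED.get(parse_version(version_text)[:2])
    return min(fixed, key=parse_version) if fixed else None


def triage(inventory: Dict[str, str]) -> Dict[str, Tuple[bool, Optional[str]]]:
    """Map hostname -> (affected?, first fixed build on the same train)."""
    return {host: (is_affected(ver), recommended_fix(ver)) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and versions are made up.
    sample = {
        "srx-edge-01": "20.4R3-S7",
        "srx-edge-02": "21.1R3",
        "srx-dc-01": "22.3R2-S1",
        "srx-dc-02": "22.3R2-S2",
        "srx-lab-01": "19.4R3-S4",
        "srx-lab-02": "23.2R1",
    }
    for host, (affected, fix) in triage(sample).items():
        status = "AFFECTED" if affected else "not affected"
        print(f"{host:12} {sample[host]:12} {status:13} first fix: {fix or 'none on this train'}")
```

A device that is affected but has no fix on its own train (every 21.1 release, and anything older than 20.4) needs a move to one of the fixed trains rather than a service-release update; until then the advisory's workaround of disabling J-Web or restricting access to it applies.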

Exploit

Fix

RCE

Unrestricted File Upload

Missing Authentication


Related Identifiers

BDU:2023-04852
CVE-2023-36846

Affected Products

Junos