CVE-2023-36851

Name of the Vulnerable Software and Affected Versions Juniper Junos OS SRX Series versions 21.2 prior to 21.2R3-S8 Juniper Junos OS SRX Series versions 21.4 prior to 21.4R3-S6 Juniper Junos OS SRX Series versions 22.1 prior to 22.1R3-S5 Juniper Junos OS SRX Series versions 22.2 prior to 22.2R3-S3 Juniper Junos OS SRX Series versions 22.3 prior to 22.3R3-S2 Juniper Junos OS SRX Series versions 22.4 prior to 22.4R2-S2, 22.4R3 Juniper Junos OS SRX Series versions 23.2 prior to 23.2R1-S2, 23.2R2

Description A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to "webauth operation.php" that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, which may allow chaining to other vulnerabilities. About 79 percent of public-facing Juniper SRX firewalls remain vulnerable to this security flaw, which can allow an unauthenticated attacker to remotely execute code on the devices.

Recommendations For versions 21.2 prior to 21.2R3-S8, update to version 21.2R3-S8 or later. For versions 21.4 prior to 21.4R3-S6, update to version 21.4R3-S6 or later. For versions 22.1 prior to 22.1R3-S5, update to version 22.1R3-S5 or later. For versions 22.2 prior to 22.2R3-S3, update to version 22.2R3-S3 or later. For versions 22.3 prior to 22.3R3-S2, update to version 22.3R3-S2 or later. For versions 22.4 prior to 22.4R2-S2, 22.4R3, update to a version that is not vulnerable. For versions 23.2 prior to 23.2R1-S2, 23.2R2, update to a version that is not vulnerable. As a temporary workaround, consider restricting access to the "webauth operation.php" endpoint until a patch is available.