CVE-2023-36846

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 17, 2023
Updated: Jun 27, 2024
CWE ID 306

Summary

CVE-2023-36846 is a vulnerability in Juniper Networks Junos OS on SRX Series that allows an unauthenticated attacker to upload arbitrary files to user.php. This causes a loss of integrity for a specific part of the file system, which may allow chaining to other vulnerabilities. Affected versions include all prior to 20.4R3-S8, 21.1 versions 21.1R1 and later (excluding 21.1R2 and 21.1R3), 21.2 versions prior to 21.2R3-S6, 21.3 versions prior to 21.3R3-S5, 21.4 versions prior to 21.4R3-S5, 22.1 versions prior to 22.1R3-S3, 22.2 versions prior to 22.2R3-S2, 22.3 versions prior to 22.3R2-S2, 22.3R3, 22.4 versions prior to 22.4R2-S1, and 22.4R3.
