CVE-2023-36851

Summary

CVE-2023-36851 is a vulnerability in Juniper Networks Junos OS on SRX Series, affecting versions prior to 21.2R3-S8, 21.4R3-S6, 22.1R3-S5, 22.2R3-S3, 22.3R3-S2, 22.4R2-S2, 22.4R3, and 23.2R1-S2, 23.2R2. This issue involves a Missing Authentication for Critical Function, allowing unauthenticated attackers to upload and download arbitrary files via J-Web. The impact includes loss of file system integrity or confidentiality, potentially leading to other vulnerabilities being chained. An attacker can exploit this vulnerability with a specific request to webauth_operation.php without requiring authentication.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.