Cyber Resilience

CVE-2023-36846

Severity: Medium · CISA KEV · Active Exploitation · EUVD: Exploited

Published: 17 August 2023
Modified: 26 February 2026
KEV added: 13 November 2023
CVSS v3.1 score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
EPSS score: 0.9428 (99.9th percentile)
Risk priority: 87 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-36846 is a medium-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Juniper Junos. Its CVSS base score is 5.3 (Medium).

Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood (EPSS 0.9428), and CISA has added it to the Known Exploited Vulnerabilities catalog. That exploitation signal, not the Medium base score, should drive remediation priority.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-8 (Identification and Authentication (Non-organizational Users)).

Deeper analysis

CVE-2023-36846 is a missing authentication for critical function vulnerability (CWE-306) affecting Juniper Networks Junos OS on SRX Series devices. It resides in the J-Web interface and permits an unauthenticated network attacker to reach the user.php endpoint and upload arbitrary files, resulting in limited loss of integrity to a portion of the file system. The flaw impacts all versions prior to 20.4R3-S8 as well as multiple 21.x and 22.x releases up to the fixed trains listed in the advisory, and carries a CVSS 3.1 score of 5.3.

An unauthenticated remote attacker can exploit the issue over the network by sending a crafted request to the unauthenticated J-Web endpoint, gaining a file-upload primitive that may be chained with other vulnerabilities. No credentials or user interaction are required. Per the CVSS vector (C:N/I:L/A:N), the flaw on its own has no confidentiality or availability impact; only integrity is affected, and only to a limited part of the file system, which is why the base score is Medium despite confirmed in-the-wild exploitation.

The official Juniper advisory JSA72300 details the affected releases and corresponding fixed versions; organizations should apply the listed patches or upgrades. The vulnerability also appears in CISA's Known Exploited Vulnerabilities catalog, indicating confirmed in-the-wild exploitation.

The associated EPSS score stands at 0.9428.


Vulnerability details

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series:

* All versions prior to 20.4R3-S8;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S5;
* 22.1 versions prior to 22.1R3-S3;
* 22.2 versions prior to 22.2R3-S2;
* 22.3 versions prior to 22.3R2-S2, 22.3R3;
* 22.4 versions prior to 22.4R2-S1, 22.4R3.
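The version ranges above are what an asset owner actually has to check against a fleet. The following Python helper is an added example written for this page, not Juniper's tooling or code from the advisory. It assumes a simplified Junos version grammar (major.minor, an R release number, an optional -S service release; build, -D and -EVO suffixes are ignored when comparing), transcribes the first fixed release of each train from the list above, and runs over a constructed sample inventory. It says nothing about whether J-Web is enabled or reachable on a device, which is what determines actual exposure.

```python
import re
from typing import Dict, Optional, Tuple

# A Junos release string such as "21.2R3-S5" parses to (major, minor, R, S).
# Build, daily and EVO suffixes (e.g. "21.2R3.9", "22.4R2-EVO") are ignored
# for the comparison; that simplification is an assumption of this helper,
# not Juniper's versioning rule.
_JUNOS_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.\d+)?(?:-S(\d+))?")

Version = Tuple[int, int, int, int]


def parse_junos_version(text: str) -> Version:
    """Return (major, minor, release, service) for a Junos version string."""
    m = _JUNOS_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {text!r}")
    major, minor, rel, svc = m.groups()
    return int(major), int(minor), int(rel), int(svc or 0)


# First fixed release per train, transcribed from the affected-version list
# on this page (JSA72300). None means no fixed release is listed for the
# train, so every release in it counts as affected.
FIXED_IN: Dict[Tuple[int, int], Optional[str]] = {
    (20, 4): "20.4R3-S8",
    (21, 1): None,          # "21.1 versions 21.1R1 and later"
    (21, 2): "21.2R3-S6",
    (21, 3): "21.3R3-S5",
    (21, 4): "21.4R3-S5",
    (22, 1): "22.1R3-S3",
    (22, 2): "22.2R3-S2",
    (22, 3): "22.3R2-S2",   # 22.3R3 and later sort above this and are fixed
    (22, 4): "22.4R2-S1",   # 22.4R3 and later sort above this and are fixed
}

OLDEST_LISTED_TRAIN = (20, 4)


def is_affected(version_text: str) -> bool:
    """True if an SRX release falls in an affected range for CVE-2023-36846."""
    v = parse_junos_version(version_text)
    train = (v[0], v[1])
    # "All versions prior to 20.4R3-S8" covers every train older than 20.4.
    if train < OLDEST_LISTED_TRAIN:
        return True
    if train not in FIXED_IN:
        # Trains newer than 22.4 are not listed as affected.
        return False
    fixed = FIXED_IN[train]
    if fixed is None:
        return True
    return v < parse_junos_version(fixed)


def triage(inventory: Dict[str, str]) -> Dict[str, bool]:
    """Map hostname -> affected flag for an inventory of hostname -> version."""
    return {host: is_affected(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "srx-edge-1": "20.4R3-S7",
        "srx-edge-2": "21.1R3-S5",
        "srx-dc-1": "22.3R2-S1",
        "srx-dc-2": "22.3R3",
        "srx-lab": "23.2R1",
    }
    for host, affected in triage(sample).items():
        print(f"{host:12s} {sample[host]:12s} {'AFFECTED' if affected else 'ok'}")
```

Because every threshold is a single ordered tuple, "prior to 22.3R2-S2, 22.3R3" needs no special case: 22.3R2-S2 and 22.3R3 both sort at or above the threshold and are reported as fixed, while 22.3R2-S1 and 22.3R1 sort below it. Treat a result of "not affected" for a train newer than 22.4 as "not listed on this page", and re-check the vendor advisory before relying on it.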

CWE(s): CWE-306 (Missing Authentication for Critical Function)
KEV date added: 13 November 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: juniper
Product: junos
Versions tracked here: 20.4, 21.1, 21.2, 21.3, 21.4 and all releases before 20.4. The advisory text above also lists affected 22.1 through 22.4 releases; use the full per-train list there for triage.

Mitigating Controls (NIST 800-53 r5)

* AC-3 Access Enforcement (prevent): directly enforces authentication before allowing access to the user.php file-upload function that the CVE exploits without credentials.
* IA-8 Identification and Authentication (Non-organizational Users) (prevent): requires identification and authentication of non-organizational users before permitting network access to the J-Web critical function left unauthenticated in the CVE.
* SC-7 Boundary Protection (prevent): boundary-protection mechanisms can restrict or require authenticated access to the SRX J-Web interface, limiting the network-based unauthenticated upload vector.

AC-3 and IA-8 describe the control that the fixed release restores; on an unpatched device they cannot be satisfied by configuration, because the vulnerable endpoint itself skips authentication. Until the fixed release from JSA72300 is applied, restricting J-Web to trusted management networks is the compensating control.
