CVE-2023-36851
Published: 27 September 2023
Summary
CVE-2023-36851 is a medium-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Juniper Junos. Its CVSS base score is 5.3 (Medium).
Operationally, it ranks in the top 5.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).
Deeper analysis
CVE-2023-36851 is a missing authentication for critical function vulnerability (CWE-306) affecting Juniper Networks Junos OS on SRX Series devices. The flaw resides in the J-Web interface and permits an unauthenticated network attacker to reach the script webauth_operation.php, which lacks any access control. Affected releases include all 21.2 versions prior to 21.2R3-S8, 21.4 versions prior to 21.4R3-S6, 22.1 versions prior to 22.1R3-S5, 22.2 versions prior to 22.2R3-S3, 22.3 versions prior to 22.3R3-S2, 22.4 versions prior to 22.4R2-S2 and 22.4R3, and 23.2 versions prior to 23.2R1-S2 and 23.2R2. The CVSS 3.1 base score is 5.3.
An unauthenticated remote attacker can send a crafted request to webauth_operation.php to upload or download arbitrary files on the device file system. The action results in limited integrity and confidentiality impact and may be chained with other vulnerabilities to expand access.
The vendor advisory JSA72300 lists the fixed releases above and is referenced by CISA in its Known Exploited Vulnerabilities catalog, confirming that exploitation has been observed in the wild. The associated EPSS score has reached a peak of 0.1563.
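The affected-release list above can be turned into a fleet triage check. The following is an added example, not code from Juniper or the advisory; the hostnames and inventory are constructed, and it assumes that within a release train any release at or after the earliest listed fixed release is fixed.

```python
import re

# Earliest fixed release per train, copied from the affected-release list above.
# Assumption: within a train, anything at or after this release is fixed.
FIRST_FIXED = {
    "21.2": "21.2R3-S8", "21.4": "21.4R3-S6", "22.1": "22.1R3-S5",
    "22.2": "22.2R3-S3", "22.3": "22.3R3-S2", "22.4": "22.4R2-S2",
    "23.2": "23.2R1-S2",
}

# Matches e.g. 22.4R2-S1.6 (train 22.4, R2, S1, build 6) or 22.4R3.25 (no S).
_RELEASE = re.compile(r"^(\d+\.\d+)R(\d+)(?:-S(\d+))?(?:\.(\d+))?$")

def parse_release(version):
    """Return (train, (R, S)) or None for a non-standard version string."""
    m = _RELEASE.match(version.strip())
    if not m:
        return None
    # The trailing build number is ignored: the fixed releases are given
    # without one, so only the R and S numbers are compared.
    return m.group(1), (int(m.group(2)), int(m.group(3) or 0))

def status(version):
    """Classify a Junos OS version as 'affected', 'fixed' or 'unknown'."""
    parsed = parse_release(version)
    if parsed is None or parsed[0] not in FIRST_FIXED:
        return "unknown"  # unparsed string, or train not in the list above
    train, release = parsed
    _, fixed = parse_release(FIRST_FIXED[train])
    return "affected" if release < fixed else "fixed"

# Constructed inventory: hostnames and versions are made up for this example.
INVENTORY = """\
srx-edge-01 21.2R3-S7.5
srx-edge-02 21.2R3-S8.3
srx-dc-01   22.4R2-S1.6
srx-dc-02   22.4R3.25
srx-lab-01  23.2R1.13
srx-lab-02  20.4R3-S7.2
"""

def triage(inventory):
    """Map each 'hostname version' line to its status."""
    rows = (line.split() for line in inventory.splitlines() if line.strip())
    return {host: status(version) for host, version in rows}

if __name__ == "__main__":
    for host, verdict in triage(INVENTORY).items():
        print(f"{host:12} {verdict}")
```

Devices reported as `unknown` run a train that the list above does not cover and need to be checked against the vendor advisory directly.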
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-40771
Vulnerability details
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: 21.2 versions prior to 21.2R3-S8; 21.4 versions prior to 21.4R3-S6; 22.1 versions prior to 22.1R3-S5; 22.2 versions prior to 22.2R3-S3; 22.3 versions prior to 22.3R3-S2; 22.4 versions prior to 22.4R2-S2, 22.4R3; 23.2 versions prior to 23.2R1-S2, 23.2R2.
- CWE(s)
- KEV Date Added: 13 November 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly enforces authentication and authorization checks before permitting any access to critical functions such as webauth_operation.php file upload/download.
Requires successful identification and authentication of users prior to granting access to the J-Web management interface on SRX devices.
Establishes usage restrictions and authentication requirements for all network-based remote access to the device management plane.