CVE-2023-36846

描述： A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request to user.php that doesn’t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of

integrity

for a certain

part of the file system, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on SRX Series:

All versions prior to 20.4R3-S8;
21.1 versions 21.1R1 and later;
21.2 versions prior to 21.2R3-S6;
21.3 versions

prior to

21.3R3-S5;

21.4 versions

prior to

21.4R3-S5;

22.1 versions

prior to

22.1R3-S3;

22.2 versions

prior to

22.2R3-S2;

22.3 versions

prior to

22.3R2-S2, 22.3R3;

22.4 versions

prior to

22.4R2-S1, 22.4R3.

CVE-2023-36846 is a missing authorization check affecting Juniper Networks SRX-series devices running Junos OS. More specifically, this vulnerability permits an unauthenticated attacker to upload files to a Junos OS temporary directory. Although the attacker cannot traverse out of that write location in any capacity, CVE-2023-36846 can be paired with CVE-2023-36845 to upload a PHP INI file to the appliance, then load it using Linux environment variable injection.

I’ve rated ‘Attacker Value’ as ‘Medium’, since this vulnerability is primarily useful to attackers when used in an exploit chain. I’ve rated ‘Exploitability’ as ‘Medium’, since the vulnerability is easy to leverage for serious impact, but only when paired with CVE-2023-36845.

其他

#attackerkb.com

CVE-2023-36846

http://example.com/2025/07/22/other_1991787727/

作者

lianccc

发布于

2025年7月22日

许可协议

CVE-2023-34124 上一篇

The Website Contact Form With File Upload plugin for WordPress is vulnerable to arbitrary file 下一篇