SB2023081879 - Multiple vulnerabilities in Juniper Networks Junos OS on SRX Series

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023081879

SB2023081879 - Multiple vulnerabilities in Juniper Networks Junos OS on SRX Series

Published: August 18, 2023 Updated: October 25, 2024

Security Bulletin ID SB2023081879
Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2023-36844)

The vulnerability allows a remote attacker to modify application behavior.

The vulnerability exists due to insufficient validation of user-supplied input in J-Web. A remote attacker can modify values of certain PHP environments variables and modify application's behavior.

Successful exploitation of the vulnerability can lead to remote code execution.


2) Input validation error (CVE-ID: CVE-2023-36845)

The vulnerability allows a remote attacker to modify application behavior.

The vulnerability exists due to insufficient validation of user-supplied input in J-Web. A remote attacker can modify values of certain PHP environments variables and modify application's behavior.


3) Arbitrary file upload (CVE-ID: CVE-2023-36846)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing authentication when uploading files via J-Web. A remote non-authenticated attacker can upload a malicious file and execute it on the system.

Successful exploitation of the vulnerability may result in system compromise.

4) Arbitrary file upload (CVE-ID: CVE-2023-36847)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing authentication when uploading files via J-Web. A remote non-authenticated attacker can upload a malicious file and execute it on the system.

Successful exploitation of the vulnerability may result in system compromise.

5) Arbitrary file upload (CVE-ID: CVE-2023-36851)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing authentication when uploading files via J-Web. A remote non-authenticated attacker can upload a malicious file and execute it on the system.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References