CVE-2023-36851 - Vulnerability Details

CVE-2023-36851 - Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload and download arbitrary files

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.

With a specific request to

webauth_operation.php

that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of

integrity or confidentiality, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on SRX Series:

*

21.2 versions prior to 21.2R3-S8;
* 21.4

versions prior to

21.4R3-S6;
* 22.1

versions prior to

22.1R3-S5;
* 22.2

versions prior to

22.2R3-S3;
* 22.3

versions prior to

22.3R3-S2;
* 22.4 versions prior to 22,4R2-S2, 22.4R3;
* 23.2 versions prior to

23.2R1-S2, 23.2R2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Nov. 13, 2023.

The EPSS score is 0.15633.

Exploitation active

Automatable yes

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Juniper Networks

Junos OS

unaffected

Version	Status	Constraints
`21.2`	affected	< 21.2R3-S8
`21.4`	affected	< 21.4R3-S6
`22.1`	affected	< 22.1R3-S5
`22.2`	affected	< 22.2R3-S3
`22.3`	affected	< 22.3R3-S2
`22.4`	affected	< 22.4R2-S2, 22.4R3
`23.2`	affected	< 23.2R1-S2, 23.2R2

Configuration 1 [-]

AND

OR	cpe:2.3:o:juniper:junos:21.2:-::::::
	cpe:2.3:o:juniper:junos:21.2:r1::::::
	cpe:2.3:o:juniper:junos:21.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r2::::::
	cpe:2.3:o:juniper:junos:21.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r3::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s3::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s4::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s5::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s6::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s7::::::
	cpe:2.3:o:juniper:junos:21.4:-::::::
	cpe:2.3:o:juniper:junos:21.4:r1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r2::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s4::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s5::::::
	cpe:2.3:o:juniper:junos:22.1:r1::::::
	cpe:2.3:o:juniper:junos:22.1:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.1:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.1:r2::::::
	cpe:2.3:o:juniper:junos:22.1:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.1:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.1:r3::::::
	cpe:2.3:o:juniper:junos:22.1:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.1:r3-s2::::::
	cpe:2.3:o:juniper:junos:22.1:r3-s3::::::
	cpe:2.3:o:juniper:junos:22.1:r3-s4::::::
	cpe:2.3:o:juniper:junos:22.2:r1::::::
	cpe:2.3:o:juniper:junos:22.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r2::::::
	cpe:2.3:o:juniper:junos:22.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r3::::::
	cpe:2.3:o:juniper:junos:22.2:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r3-s2::::::
	cpe:2.3:o:juniper:junos:22.3:r1::::::
	cpe:2.3:o:juniper:junos:22.3:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.3:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.3:r2::::::
	cpe:2.3:o:juniper:junos:22.3:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.3:r3::::::
	cpe:2.3:o:juniper:junos:22.3:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r2::::::
	cpe:2.3:o:juniper:junos:22.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:23.2:r1::::::
	cpe:2.3:o:juniper:junos:23.2:r1-s1::::::

OR	cpe:2.3:h:juniper:ex2200:-:::::::*
	cpe:2.3:h:juniper:ex2200-c:-:::::::*
	cpe:2.3:h:juniper:ex2200-vc:-:::::::*
	cpe:2.3:h:juniper:ex2300:-:::::::*
	cpe:2.3:h:juniper:ex2300-24mp:-:::::::*
	cpe:2.3:h:juniper:ex2300-24p:-:::::::*
	cpe:2.3:h:juniper:ex2300-24t:-:::::::*
	cpe:2.3:h:juniper:ex2300-48mp:-:::::::*
	cpe:2.3:h:juniper:ex2300-48p:-:::::::*
	cpe:2.3:h:juniper:ex2300-48t:-:::::::*
	cpe:2.3:h:juniper:ex2300-c:-:::::::*
	cpe:2.3:h:juniper:ex2300m:-:::::::*
	cpe:2.3:h:juniper:ex3200:-:::::::*
	cpe:2.3:h:juniper:ex3300:-:::::::*
	cpe:2.3:h:juniper:ex3300-vc:-:::::::*
	cpe:2.3:h:juniper:ex3400:-:::::::*
	cpe:2.3:h:juniper:ex4200:-:::::::*
	cpe:2.3:h:juniper:ex4200-vc:-:::::::*
	cpe:2.3:h:juniper:ex4300:-:::::::*
	cpe:2.3:h:juniper:ex4300-24p:-:::::::*
	cpe:2.3:h:juniper:ex4300-24p-s:-:::::::*
	cpe:2.3:h:juniper:ex4300-24t:-:::::::*
	cpe:2.3:h:juniper:ex4300-24t-s:-:::::::*
	cpe:2.3:h:juniper:ex4300-32f:-:::::::*
	cpe:2.3:h:juniper:ex4300-32f-dc:-:::::::*
	cpe:2.3:h:juniper:ex4300-32f-s:-:::::::*
	cpe:2.3:h:juniper:ex4300-48mp:-:::::::*
	cpe:2.3:h:juniper:ex4300-48mp-s:-:::::::*
	cpe:2.3:h:juniper:ex4300-48p:-:::::::*
	cpe:2.3:h:juniper:ex4300-48p-s:-:::::::*
	cpe:2.3:h:juniper:ex4300-48t:-:::::::*
	cpe:2.3:h:juniper:ex4300-48t-afi:-:::::::*
	cpe:2.3:h:juniper:ex4300-48t-dc:-:::::::*
	cpe:2.3:h:juniper:ex4300-48t-dc-afi:-:::::::*
	cpe:2.3:h:juniper:ex4300-48t-s:-:::::::*
	cpe:2.3:h:juniper:ex4300-48tafi:-:::::::*
	cpe:2.3:h:juniper:ex4300-48tdc:-:::::::*
	cpe:2.3:h:juniper:ex4300-48tdc-afi:-:::::::*
	cpe:2.3:h:juniper:ex4300-mp:-:::::::*
	cpe:2.3:h:juniper:ex4300-vc:-:::::::*
	cpe:2.3:h:juniper:ex4300m:-:::::::*
	cpe:2.3:h:juniper:ex4400:-:::::::*
	cpe:2.3:h:juniper:ex4500:-:::::::*
	cpe:2.3:h:juniper:ex4500-vc:-:::::::*
	cpe:2.3:h:juniper:ex4550:-:::::::*
	cpe:2.3:h:juniper:ex4550-vc:-:::::::*
	cpe:2.3:h:juniper:ex4550\/vc:-:::::::*
	cpe:2.3:h:juniper:ex4600:-:::::::*
	cpe:2.3:h:juniper:ex4600-vc:-:::::::*
	cpe:2.3:h:juniper:ex4650:-:::::::*
	cpe:2.3:h:juniper:ex6200:-:::::::*
	cpe:2.3:h:juniper:ex6210:-:::::::*
	cpe:2.3:h:juniper:ex8200:-:::::::*
	cpe:2.3:h:juniper:ex8200-vc:-:::::::*
	cpe:2.3:h:juniper:ex8208:-:::::::*
	cpe:2.3:h:juniper:ex8216:-:::::::*
	cpe:2.3:h:juniper:ex9200:-:::::::*
	cpe:2.3:h:juniper:ex9204:-:::::::*
	cpe:2.3:h:juniper:ex9208:-:::::::*
	cpe:2.3:h:juniper:ex9214:-:::::::*
	cpe:2.3:h:juniper:ex9250:-:::::::*
	cpe:2.3:h:juniper:ex9251:-:::::::*
	cpe:2.3:h:juniper:ex9253:-:::::::*
	cpe:2.3:h:juniper:srx100:-:::::::*
cpe:2.3:h:juniper:srx110:-:::::::*
cpe:2.3:h:juniper:srx1400:-:::::::*
cpe:2.3:h:juniper:srx1500:-:::::::*
cpe:2.3:h:juniper:srx210:-:::::::*
cpe:2.3:h:juniper:srx220:-:::::::*
cpe:2.3:h:juniper:srx240:-:::::::*
cpe:2.3:h:juniper:srx240h2:-:::::::*
cpe:2.3:h:juniper:srx240m:-:::::::*
cpe:2.3:h:juniper:srx300:-:::::::*
cpe:2.3:h:juniper:srx320:-:::::::*
cpe:2.3:h:juniper:srx340:-:::::::*
cpe:2.3:h:juniper:srx3400:-:::::::*
cpe:2.3:h:juniper:srx345:-:::::::*
cpe:2.3:h:juniper:srx3600:-:::::::*
cpe:2.3:h:juniper:srx380:-:::::::*
cpe:2.3:h:juniper:srx4000:-:::::::*
cpe:2.3:h:juniper:srx4100:-:::::::*
cpe:2.3:h:juniper:srx4200:-:::::::*
cpe:2.3:h:juniper:srx4600:-:::::::*
cpe:2.3:h:juniper:srx5000:-:::::::*
cpe:2.3:h:juniper:srx5400:-:::::::*
cpe:2.3:h:juniper:srx550:-:::::::*
cpe:2.3:h:juniper:srx550_hm:-:::::::*
cpe:2.3:h:juniper:srx550m:-:::::::*
cpe:2.3:h:juniper:srx5600:-:::::::*
cpe:2.3:h:juniper:srx5800:-:::::::*
cpe:2.3:h:juniper:srx650:-:::::::*

No data.

Project Subscriptions

Vendors	Products
Juniper Subscribe	Ex2200 Subscribe Ex2200-c Subscribe Ex2200-vc Subscribe Ex2300 Subscribe Ex2300-24mp Subscribe Ex2300-24p Subscribe Ex2300-24t Subscribe Ex2300-48mp Subscribe Ex2300-48p Subscribe Ex2300-48t Subscribe Ex2300-c Subscribe Ex2300m Subscribe Ex3200 Subscribe Ex3300 Subscribe Ex3300-vc Subscribe Ex3400 Subscribe Ex4200 Subscribe Ex4200-vc Subscribe Ex4300 Subscribe Ex4300-24p Subscribe Ex4300-24p-s Subscribe Ex4300-24t Subscribe Ex4300-24t-s Subscribe Ex4300-32f Subscribe Ex4300-32f-dc Subscribe Ex4300-32f-s Subscribe Ex4300-48mp Subscribe Ex4300-48mp-s Subscribe Ex4300-48p Subscribe Ex4300-48p-s Subscribe Ex4300-48t Subscribe Ex4300-48t-afi Subscribe Ex4300-48t-dc Subscribe Ex4300-48t-dc-afi Subscribe Ex4300-48t-s Subscribe Ex4300-48tafi Subscribe Ex4300-48tdc Subscribe Ex4300-48tdc-afi Subscribe Ex4300-mp Subscribe Ex4300-vc Subscribe Ex4300m Subscribe Ex4400 Subscribe Ex4500 Subscribe Ex4500-vc Subscribe Ex4550 Subscribe Ex4550-vc Subscribe Ex4550\/vc Subscribe Ex4600 Subscribe Ex4600-vc Subscribe Ex4650 Subscribe Ex6200 Subscribe Ex6210 Subscribe Ex8200 Subscribe Ex8200-vc Subscribe Ex8208 Subscribe Ex8216 Subscribe Ex9200 Subscribe Ex9204 Subscribe Ex9208 Subscribe Ex9214 Subscribe Ex9250 Subscribe Ex9251 Subscribe Ex9253 Subscribe Junos Subscribe Srx100 Subscribe Srx110 Subscribe Srx1400 Subscribe Srx1500 Subscribe Srx210 Subscribe Srx220 Subscribe Srx240 Subscribe Srx240h2 Subscribe Srx240m Subscribe Srx300 Subscribe Srx320 Subscribe Srx340 Subscribe Srx3400 Subscribe Srx345 Subscribe Srx3600 Subscribe Srx380 Subscribe Srx4000 Subscribe Srx4100 Subscribe Srx4200 Subscribe Srx4600 Subscribe Srx5000 Subscribe Srx5400 Subscribe Srx550 Subscribe Srx550 Hm Subscribe Srx550m Subscribe Srx5600 Subscribe Srx5800 Subscribe Srx650 Subscribe

Advisories

No advisories yet.

Fixes

Solution

The following software releases have been updated to resolve this specific issue: 21.2R3-S8*, 21.4R3-S6*, 22.1R3-S5*, 22.2R3-S3*, 22.3R3-S2*, 22.4R2-S2, 22.4R3*, 23.2R1-S2, 23.2R2*, 23.4R1, and all subsequent releases. *Pending Publication

Workaround

Disable J-Web, or limit access to only trusted hosts.

References

Link	Providers
https://supportportal.juniper.net/JSA72300
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36851

History

Tue, 21 Oct 2025 23:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36851

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36851

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36851

Mon, 03 Feb 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2023-11-13'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2023-09-26T19:53:17.080Z

Updated: 2025-10-21T23:05:36.801Z

Reserved: 2023-06-27T16:17:25.277Z

Link: CVE-2023-36851

Vulnrichment

Updated: 2024-08-02T17:01:09.845Z

NVD

Status : Analyzed

Published: 2023-09-27T15:18:54.877

Modified: 2025-10-24T16:42:06.123

Link: CVE-2023-36851

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-306

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation active

Automatable yes

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object