- 196/2023
- Medium
Juniper has released a security update to fix several vulnerabilities across multiple versions of the J-Web component of Juniper Networks Junos OS on SRX and EX Series.
The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass security restrictions, and gain access to the affected versions by sending a specially crafted HTTP request.
Sample of the addressed vulnerabilities:
1. Juniper Networks Junos OS on (EX, SRX) Series Security Bypass Vulnerability (CVE-2023-36845):
- CVSS: 5.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2. Juniper Networks Junos OS on SRX Series File Upload Vulnerability (CVE 2023-36846):
- CVSS: 5.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Sample of the affected versions:
- All versions prior to 20.4R3-S8.
- 21.2 versions prior to 21.2R3-S6.
- 22.2 versions prior to 22.2R3-S1.
- 22.3 versions prior to 22.3R2-S2, 22.3R3.
Vulnerabilities
- CVE-2023-36844
- CVE-2023-36845
- CVE-2023-36846
- CVE-2023-36847
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.