Severity
Medium
Analysis Summary
CVE-2023-36847 CVSS:5.3
Juniper Networks Junos OS on EX Series could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system.
CVE-2023-36846 CVSS:5.3
Juniper Networks Junos OS on SRX Series could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system.
CVE-2023-36845 CVSS:5.3
Juniper Networks Junos OS on EX Series and SRX Series could allow a remote attacker to bypass security restrictions, caused by a PHP external variable modification flaw in J-Web. By sending a specially crafted request, an attacker could exploit this vulnerability to modify certain PHP environments variables.
CVE-2023-36844 CVSS:5.3
Juniper Networks Junos OS on EX Series could allow a remote attacker to bypass security restrictions, caused by a PHP external variable modification flaw in J-Web. By sending a specially crafted request, an attacker could exploit this vulnerability to modify certain PHP environments variables.
Impact
- Gain Access
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-36847
- CVE-2023-36846
- CVE-2023-36845
- CVE-2023-36844
Affected Vendors
Juniper
Affected Products
- Juniper Networks EX Series
- Juniper Networks Junos OS 21.2
- Juniper Networks Junos OS 21.3
- Juniper Networks Junos OS 21.4
Remediation
Refer to Juniper Networks Security Bulletin for patch, upgrade or suggested workaround information.