cve/2023/CVE-2023-36846.md

### [CVE-2023-36846](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36846)
![](https://img.shields.io/static/v1?label=Product&message=Junos%20OS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%2020.4R3-S8%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen)

### Description

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.With a specific request to user.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrityfor a certain part of the file system, which may allow chaining to other vulnerabilities.This issue affects Juniper Networks Junos OS on SRX Series:  *  All versions prior to 20.4R3-S8;  *  21.1 versions 21.1R1 and later;  *  21.2 versions prior to 21.2R3-S6;  *  21.3 versions prior to  21.3R3-S5;  *  21.4 versions prior to 21.4R3-S5;  *  22.1 versions prior to 22.1R3-S3;  *  22.2 versions prior to 22.2R3-S2;  *  22.3 versions prior to 22.3R2-S2, 22.3R3;  *  22.4 versions prior to 22.4R2-S1, 22.4R3.

### POC

#### Reference
- http://packetstormsecurity.com/files/174397/Juniper-JunOS-SRX-EX-Remote-Code-Execution.html

#### Github
- https://github.com/Chocapikk/CVE-2023-36846
- https://github.com/Dreamy-elfland/CVE-2023-36846
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/devmehedi101/bugbounty-CVE-Report
- https://github.com/iveresk/CVE-2023-36845-6-
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/r3dcl1ff/CVE-2023-36844_Juniper_RCE
- https://github.com/securi3ytalent/bugbounty-CVE-Report
- https://github.com/watchtowrlabs/juniper-rce_cve-2023-36844