cve/2023/CVE-2023-36847.md

### [CVE-2023-36847](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36847)
![](https://img.shields.io/static/v1?label=Product&message=Junos%20OS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%2020.4R3-S8%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen)

### Description

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrityfor a certain part of the file system, which may allow chaining to other vulnerabilities.This issue affects Juniper Networks Junos OS on EX Series:  *  All versions prior to 20.4R3-S8;  *  21.1 versions 21.1R1 and later;  *  21.2 versions prior to 21.2R3-S6;  *  21.3 versions prior to  21.3R3-S5;  *  21.4 versions prior to 21.4R3-S4;  *  22.1 versions prior to 22.1R3-S3;  *  22.2 versions prior to 22.2R3-S1;  *  22.3 versions prior to 22.3R2-S2, 22.3R3;  *  22.4 versions prior to 22.4R2-S1, 22.4R3.

### POC

#### Reference
- http://packetstormsecurity.com/files/174397/Juniper-JunOS-SRX-EX-Remote-Code-Execution.html

#### Github
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/devmehedi101/bugbounty-CVE-Report
- https://github.com/r3dcl1ff/CVE-2023-36844_Juniper_RCE
- https://github.com/securi3ytalent/bugbounty-CVE-Report
- https://github.com/watchtowrlabs/juniper-rce_cve-2023-36844
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-36847](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36847)`
			`![](https://img.shields.io/static/v1?label=Product&message=Junos%20OS&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%2020.4R3-S8%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen)`

			`### Description`

			A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrityfor a certain part of the file system, which may allow chaining to other vulnerabilities.This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3.

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/174397/Juniper-JunOS-SRX-EX-Remote-Code-Execution.html`

			`#### Github`
			`- https://github.com/Ostorlab/KEV`
			`- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors`
			`- https://github.com/devmehedi101/bugbounty-CVE-Report`
			`- https://github.com/r3dcl1ff/CVE-2023-36844_Juniper_RCE`
			`- https://github.com/securi3ytalent/bugbounty-CVE-Report`
			`- https://github.com/watchtowrlabs/juniper-rce_cve-2023-36844`