cve/2023/CVE-2023-36851.md

### [CVE-2023-36851](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36851)
![](https://img.shields.io/static/v1?label=Product&message=Junos%20OS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=21.2%3C%2021.2R3-S8%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen)

### Description

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.With a specific request to webauth_operation.phpthat doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, which may allow chaining to other vulnerabilities.This issue affects Juniper Networks Junos OS on SRX Series:  *  21.2 versions prior to 21.2R3-S8;  *  21.4 versions prior to 21.4R3-S6;  *  22.1 versions prior to 22.1R3-S5;  *  22.2 versions prior to 22.2R3-S3;  *  22.3 versions prior to 22.3R3-S2;  *  22.4 versions prior to 22,4R2-S2, 22.4R3;  *  23.2 versions prior to 23.2R1-S2, 23.2R2.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors