KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

5.3

CVSS
Medium

CVE-2023-36847

PUBLISHED

Junos OS: EX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files

Exploited in the wild Remote Low complexity No user interaction

Vendor: Juniper Networks
Product: Junos OS
Published: Aug 17, 2023
EPSS: —

Description

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3.

php cisa edge nessus_scanner

CVSS scores

CVSS v3.1 5.3 Medium

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitation status

Exploited in the wild

Recorded 2023-11-13 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: total

References

https://supportportal.juniper.net/JSA72300

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Nov 13, 2023

Scanner integrations

Scanner	Reference	Detected
Nessus	https://www.tenable.com/plugins/nessus/180190	Jun 02, 2025

Timeline

CVE ID Reserved

June 27, 2023
CVE Published to Public

August 17, 2023
Added to KEVIntel

November 13, 2023
Detected by Nessus

June 02, 2025