Search criteria
6 vulnerabilities found for srx5400 by juniper
VAR-201507-0045
Vulnerability from variot - Updated: 2023-12-18 13:09The SRX Network Security Daemon (nsd) in Juniper SRX Series services gateways with Junos 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 allows remote DNS servers to cause a denial of service (crash) via a crafted DNS response. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. Juniper Networks SRX Series services gateways with Junos are Juniper Networks' SRX Series gateway devices running the Junos operating system. The SRX Network Security Daemon (nsd) is one of the network security daemons. Juniper Junos is prone to a remote denial-of-service vulnerability. Successful exploits may allow the attacker to crash the system; denying service to legitimate users. The following versions are affected: Junos 12.1X44 prior to 12.1X44-D50, 12.1X46 prior to 12.1X46-D35, 12.1X47 prior to 12.1X47-D25, 12.3X48 prior to 12.3X48-D15
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0045",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "junos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "12.3x48"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "12.1x47"
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x47-d25"
},
{
"model": "junos os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "srx3400",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "junos os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "12.3x48"
},
{
"model": "srx210",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "srx650",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x44-d50"
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "12.3x48-d15"
},
{
"model": "srx550",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "srx5800",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "srx100",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "junos os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "srx220",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "srx5600",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "srx5400",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "srx110",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "junos os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x47"
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x46-d35"
},
{
"model": "srx240",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "srx1400",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "srx3600",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "networks junos 12.1x44",
"scope": null,
"trust": 0.6,
"vendor": "juniper",
"version": null
},
{
"model": "networks junos 12.1x46",
"scope": null,
"trust": 0.6,
"vendor": "juniper",
"version": null
},
{
"model": "networks junos 12.1x47",
"scope": null,
"trust": 0.6,
"vendor": "juniper",
"version": null
},
{
"model": "networks junos 12.3x48",
"scope": null,
"trust": 0.6,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.3x48-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x47-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x47-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x47-d11",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x47-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d25",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d20.5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d45",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d40",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d35.5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d35",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d34",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d32",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d30.4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d26",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d25",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d20.3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.3x48-d15",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x47-d25",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d35",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d50",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04950"
},
{
"db": "BID",
"id": "75722"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003872"
},
{
"db": "NVD",
"id": "CVE-2015-5363"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-627"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x44:d10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x44:d15:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x44:d20:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x44:d25:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x44:d30:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:d20:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3x48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3x48:d5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x44:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x44:d40:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:d10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x44:d35:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x44:d45:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:d15:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5363"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "75722"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5363",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-5363",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04950",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-83324",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5363",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-04950",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-627",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-83324",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04950"
},
{
"db": "VULHUB",
"id": "VHN-83324"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003872"
},
{
"db": "NVD",
"id": "CVE-2015-5363"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-627"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SRX Network Security Daemon (nsd) in Juniper SRX Series services gateways with Junos 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 allows remote DNS servers to cause a denial of service (crash) via a crafted DNS response. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. Juniper Networks SRX Series services gateways with Junos are Juniper Networks\u0027 SRX Series gateway devices running the Junos operating system. The SRX Network Security Daemon (nsd) is one of the network security daemons. Juniper Junos is prone to a remote denial-of-service vulnerability. \nSuccessful exploits may allow the attacker to crash the system; denying service to legitimate users. The following versions are affected: Junos 12.1X44 prior to 12.1X44-D50, 12.1X46 prior to 12.1X46-D35, 12.1X47 prior to 12.1X47-D25, 12.3X48 prior to 12.3X48-D15",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5363"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003872"
},
{
"db": "CNVD",
"id": "CNVD-2015-04950"
},
{
"db": "BID",
"id": "75722"
},
{
"db": "VULHUB",
"id": "VHN-83324"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-5363",
"trust": 3.4
},
{
"db": "JUNIPER",
"id": "JSA10692",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1032848",
"trust": 1.7
},
{
"db": "BID",
"id": "75722",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003872",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-627",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04950",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-83324",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04950"
},
{
"db": "VULHUB",
"id": "VHN-83324"
},
{
"db": "BID",
"id": "75722"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003872"
},
{
"db": "NVD",
"id": "CVE-2015-5363"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-627"
}
]
},
"id": "VAR-201507-0045",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04950"
},
{
"db": "VULHUB",
"id": "VHN-83324"
}
],
"trust": 0.9894736799999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04950"
}
]
},
"last_update_date": "2023-12-18T13:09:10.659000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "JSA10692",
"trust": 0.8,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10692"
},
{
"title": "Juniper Networks Junos SRX Series SRX Network Security Daemon Patch for Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/61238"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04950"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003872"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-19",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83324"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003872"
},
{
"db": "NVD",
"id": "CVE-2015-5363"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10692"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1032848"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5363"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5363"
},
{
"trust": 0.3,
"url": "http://www.juniper.net/"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10692\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10692"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04950"
},
{
"db": "VULHUB",
"id": "VHN-83324"
},
{
"db": "BID",
"id": "75722"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003872"
},
{
"db": "NVD",
"id": "CVE-2015-5363"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-627"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-04950"
},
{
"db": "VULHUB",
"id": "VHN-83324"
},
{
"db": "BID",
"id": "75722"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003872"
},
{
"db": "NVD",
"id": "CVE-2015-5363"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-627"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04950"
},
{
"date": "2015-07-16T00:00:00",
"db": "VULHUB",
"id": "VHN-83324"
},
{
"date": "2015-07-13T00:00:00",
"db": "BID",
"id": "75722"
},
{
"date": "2015-07-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003872"
},
{
"date": "2015-07-16T14:59:09.747000",
"db": "NVD",
"id": "CVE-2015-5363"
},
{
"date": "2015-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-627"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04950"
},
{
"date": "2015-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-83324"
},
{
"date": "2015-07-13T00:00:00",
"db": "BID",
"id": "75722"
},
{
"date": "2015-07-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003872"
},
{
"date": "2015-07-21T11:21:58.003000",
"db": "NVD",
"id": "CVE-2015-5363"
},
{
"date": "2015-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-627"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-627"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper Networks Junos SRX Series SRX Network Security Daemon Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04950"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-627"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "75722"
}
],
"trust": 0.3
}
}
VAR-201410-1108
Vulnerability from variot - Updated: 2023-12-18 12:51The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted packet. Juniper Junos is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to crash, denying service to legitimate users. Note: This issue affects on SRX series devices. Juniper Networks SRX Series devices with Junos are SRX series devices of Juniper Networks (Juniper Networks) running the Junos operating system. The following versions are affected: Juniper Networks Juniper SRX Series devices with Junos 11.4R12-S4 prior to 11.4, 12.1X44 prior to 12.1X44-D40, 12.1X45 prior to 12.1X45-D30, 12.1X46 prior to 12.1X46-D25, 12.1X47 -D10 before 12.1X47 version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-1108",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "junos",
"scope": "eq",
"trust": 1.9,
"vendor": "juniper",
"version": "12.1x47"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.9,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.9,
"vendor": "juniper",
"version": "12.1x45"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.9,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "12.1"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "11.4"
},
{
"model": "srx5800",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": null
},
{
"model": "srx550",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": null
},
{
"model": "srx110",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": null
},
{
"model": "srx5600",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": null
},
{
"model": "srx220",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": null
},
{
"model": "srx650",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": null
},
{
"model": "srx3600",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": null
},
{
"model": "srx240",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": null
},
{
"model": "srx3400",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": null
},
{
"model": "srx1400",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": null
},
{
"model": "srx100",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": null
},
{
"model": "srx210",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": null
},
{
"model": "junos os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x44"
},
{
"model": "srx3400",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "junos os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "11.4"
},
{
"model": "srx210",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "srx650",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "11.4r12-s4"
},
{
"model": "srx550",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "srx5800",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x44-d40"
},
{
"model": "junos os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x45"
},
{
"model": "srx100",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x47-d11"
},
{
"model": "junos os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x46"
},
{
"model": "srx220",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "srx5600",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "srx5400",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "srx110",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "junos os",
"scope": "lt",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x47"
},
{
"model": "srx240",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x46-d25"
},
{
"model": "srx1400",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "12.1x45-d30"
},
{
"model": "srx3600",
"scope": null,
"trust": 0.8,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x45-d25",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x45-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x45-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos d15",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1x45-"
},
{
"model": "junos 12.1x44-d35",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d34",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d32",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d30.4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d26",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d20.3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 11.4r12",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x47-d10",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x46-d25",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x45-d30",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 12.1x44-d40",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos 11.4r12-s4",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "70366"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004847"
},
{
"db": "NVD",
"id": "CVE-2014-3825"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-259"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x47:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x44:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x45:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1x46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:juniper:junos:11.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3825"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "70366"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3825",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-3825",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-71765",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3825",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-259",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71765",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71765"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004847"
},
{
"db": "NVD",
"id": "CVE-2014-3825"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-259"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted packet. Juniper Junos is prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause an affected device to crash, denying service to legitimate users. \nNote: This issue affects on SRX series devices. Juniper Networks SRX Series devices with Junos are SRX series devices of Juniper Networks (Juniper Networks) running the Junos operating system. The following versions are affected: Juniper Networks Juniper SRX Series devices with Junos 11.4R12-S4 prior to 11.4, 12.1X44 prior to 12.1X44-D40, 12.1X45 prior to 12.1X45-D30, 12.1X46 prior to 12.1X46-D25, 12.1X47 -D10 before 12.1X47 version",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3825"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004847"
},
{
"db": "BID",
"id": "70366"
},
{
"db": "VULHUB",
"id": "VHN-71765"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3825",
"trust": 2.8
},
{
"db": "JUNIPER",
"id": "JSA10650",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1031007",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004847",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-259",
"trust": 0.7
},
{
"db": "BID",
"id": "70366",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-71765",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71765"
},
{
"db": "BID",
"id": "70366"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004847"
},
{
"db": "NVD",
"id": "CVE-2014-3825"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-259"
}
]
},
"id": "VAR-201410-1108",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71765"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:51:50.531000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "JSA10650",
"trust": 0.8,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10650"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004847"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71765"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004847"
},
{
"db": "NVD",
"id": "CVE-2014-3825"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10650"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031007"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3825"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3825"
},
{
"trust": 0.3,
"url": "http://www.juniper.net/"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10650\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.1,
"url": "https://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10650"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71765"
},
{
"db": "BID",
"id": "70366"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004847"
},
{
"db": "NVD",
"id": "CVE-2014-3825"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-259"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71765"
},
{
"db": "BID",
"id": "70366"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004847"
},
{
"db": "NVD",
"id": "CVE-2014-3825"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-259"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-14T00:00:00",
"db": "VULHUB",
"id": "VHN-71765"
},
{
"date": "2014-10-08T00:00:00",
"db": "BID",
"id": "70366"
},
{
"date": "2014-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004847"
},
{
"date": "2014-10-14T14:55:05.070000",
"db": "NVD",
"id": "CVE-2014-3825"
},
{
"date": "2014-10-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-259"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-05T00:00:00",
"db": "VULHUB",
"id": "VHN-71765"
},
{
"date": "2014-10-08T00:00:00",
"db": "BID",
"id": "70366"
},
{
"date": "2015-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004847"
},
{
"date": "2015-11-05T16:22:04.987000",
"db": "NVD",
"id": "CVE-2014-3825"
},
{
"date": "2014-10-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-259"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-259"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Junos of Juniper SRX Service operation interruption in series drivers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004847"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-259"
}
],
"trust": 0.6
}
}
CVE-2023-36844 (GCVE-0-2023-36844)
Vulnerability from cvelistv5 – Published: 2023-08-17 19:17 – Updated: 2025-10-21 23:05
VLAI?
Summary
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables.
Using a crafted request an attacker is able to modify
certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on EX Series:
* All versions prior to 20.4R3-S9;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S7;
* 21.3 versions
prior to
21.3R3-S5;
* 21.4 versions
prior to
21.4R3-S5;
* 22.1 versions
prior to
22.1R3-S4;
* 22.2 versions
prior to
22.2R3-S2;
* 22.3 versions
prior to 22.3R3-S1;
* 22.4 versions
prior to
22.4R2-S2, 22.4R3;
* 23.2 versions prior to
23.2R1-S1, 23.2R2.
Severity ?
5.3 (Medium)
CWE
- CWE-473 - PHP External Variable Modification
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 20.4R3-S9
(semver)
Affected: 21.1 , < 21.1* (semver) Affected: 21.2 , < 21.2R3-S6 (semver) Affected: 21.3 , < 21.3R3-S5 (semver) Affected: 21.4 , < 21.4R3-S5 (semver) Affected: 22.1 , < 22.1R3-S4 (semver) Affected: 22.2 , < 22.2R3-S2 (semver) Affected: 22.3 , < 22.3R3-S1 (semver) Affected: 22.4 , < 22.4R2-S2, 22.4R3 (semver) Affected: 23.2 , < 23.2R1-S1, 23.2R2 (semver) |
Credits
LYS, working with DEVCORE Internship Program
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"mitigation",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA72300"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174865/Juniper-SRX-Firewall-EX-Switch-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36844",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-15T16:40:39.936747Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-11-13",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36844"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:40.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36844"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-13T00:00:00+00:00",
"value": "CVE-2023-36844 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S6",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S2, 22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S1, 23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following minimal configuration is necessary:\u003c/p\u003e\u003ccode\u003e\u0026nbsp; [system services web-management http]\u003c/code\u003e\u003cp\u003eor\u003c/p\u003e\u003ccode\u003e\u0026nbsp; [system services web-management https]\u003c/code\u003e\n\n\n\n\u003cbr\u003e"
}
],
"value": "The following minimal configuration is necessary:\n\n\u00a0 [system services web-management http]or\n\n\u00a0 [system services web-management https]"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LYS, working with DEVCORE Internship Program"
}
],
"datePublic": "2023-08-17T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables.\u003cbr\u003e\u003cbr\u003eUsing a crafted request an attacker is able to modify \n\ncertain PHP environment variables\u0026nbsp;leading to partial loss of integrity,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhich may allow chaining to other vulnerabilities.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Juniper Networks Junos OS on EX Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S9;\u003c/li\u003e\u003cli\u003e21.1 versions 21.1R1 and later;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S7;\u003c/li\u003e\u003cli\u003e21.3 versions \n\nprior to \n\n 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions \n\nprior to \n\n21.4R3-S5;\u003c/li\u003e\u003cli\u003e22.1 versions \n\nprior to \n\n22.1R3-S4;\u003c/li\u003e\u003cli\u003e22.2 versions \n\nprior to \n\n22.2R3-S2;\u003c/li\u003e\u003cli\u003e22.3 versions \n\nprior to 22.3R3-S1;\u003c/li\u003e\u003cli\u003e22.4 versions \n\nprior to \n\n22.4R2-S2, 22.4R3;\u003c/li\u003e\u003cli\u003e23.2 versions prior to \n\n23.2R1-S1, 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables.\n\nUsing a crafted request an attacker is able to modify \n\ncertain PHP environment variables\u00a0leading to partial loss of integrity,\u00a0which may allow chaining to other vulnerabilities.\nThis issue affects Juniper Networks Junos OS on EX Series:\n\n\n\n * All versions prior to 20.4R3-S9;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S7;\n * 21.3 versions \n\nprior to \n\n 21.3R3-S5;\n * 21.4 versions \n\nprior to \n\n21.4R3-S5;\n * 22.1 versions \n\nprior to \n\n22.1R3-S4;\n * 22.2 versions \n\nprior to \n\n22.2R3-S2;\n * 22.3 versions \n\nprior to 22.3R3-S1;\n * 22.4 versions \n\nprior to \n\n22.4R2-S2, 22.4R3;\n * 23.2 versions prior to \n\n23.2R1-S1, 23.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003cbr\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-473",
"description": "CWE-473 PHP External Variable Modification",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-02T18:06:16.835Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory",
"mitigation"
],
"url": "https://supportportal.juniper.net/JSA72300"
},
{
"url": "http://packetstormsecurity.com/files/174865/Juniper-SRX-Firewall-EX-Switch-Remote-Code-Execution.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e20.4R3-S9*, 21.2R3-S7*, 21.3R3-S5*, 21.4R3-S5*, 22.1R3-S4*, 22.2R3-S2, 22.3R3-S1*, 22.4R2-S2*, 22.4R3*, 23.2R1-S1, 23.2R2*\u003c/span\u003e, 23.4R1*, and all subsequent releases.\u003cbr\u003e\n\n*Pending Publication\n\n\n\n\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\n20.4R3-S9*, 21.2R3-S7*, 21.3R3-S5*, 21.4R3-S5*, 22.1R3-S4*, 22.2R3-S2, 22.3R3-S1*, 22.4R2-S2*, 22.4R3*, 23.2R1-S1, 23.2R2*, 23.4R1*, and all subsequent releases.\n\n\n*Pending Publication"
}
],
"source": {
"defect": [
"1736937"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS: EX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control important environment variables",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Disable J-Web, or limit access to only trusted hosts.\n\n\u003cbr\u003e"
}
],
"value": "Disable J-Web, or limit access to only trusted hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-36844",
"datePublished": "2023-08-17T19:17:47.904Z",
"dateReserved": "2023-06-27T16:17:25.277Z",
"dateUpdated": "2025-10-21T23:05:40.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36847 (GCVE-0-2023-36847)
Vulnerability from cvelistv5 – Published: 2023-08-17 19:16 – Updated: 2025-10-21 23:05
VLAI?
Summary
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of
integrity
for a certain
part of the file system, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on EX Series:
* All versions prior to 20.4R3-S8;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions
prior to
21.3R3-S5;
* 21.4 versions
prior to
21.4R3-S4;
* 22.1 versions
prior to
22.1R3-S3;
* 22.2 versions
prior to
22.2R3-S1;
* 22.3 versions
prior to
22.3R2-S2, 22.3R3;
* 22.4 versions
prior to
22.4R2-S1, 22.4R3.
Severity ?
5.3 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 20.4R3-S8
(semver)
Affected: 21.1 , < 21.1* (semver) Affected: 21.2 , < 21.2R3-S6 (semver) Affected: 21.3 , < 21.3R3-S5 (semver) Affected: 21.4 , < 21.4R3-S4 (semver) Affected: 22.1 , < 22.1R3-S3 (semver) Affected: 22.2 , < 22.2R3-S1 (semver) Affected: 22.3 , < 22.3R2-S2, 22.3R3 (semver) Affected: 22.4 , < 22.4R2-S1, 22.4R3 (semver) |
Credits
LYS, working with DEVCORE Internship Program
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"mitigation",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA72300"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36847",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-15T16:40:41.634298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-11-13",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36847"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:40.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36847"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-13T00:00:00+00:00",
"value": "CVE-2023-36847 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S6",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S4",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S3",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S1",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2, 22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S1, 22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n \n\n\n\n\n\n\n\n\u003cp\u003eThe following minimal configuration is necessary:\u003c/p\u003e\u003ccode\u003e\u0026nbsp; [system services web-management http]\u003c/code\u003e\u003cp\u003eor\u003c/p\u003e\u003ccode\u003e\u0026nbsp; [system services web-management https]\u003c/code\u003e\u003cbr\u003e"
}
],
"value": "\n \n\n\n\n\n\n\n\nThe following minimal configuration is necessary:\n\n\u00a0 [system services web-management http]or\n\n\u00a0 [system services web-management https]\n"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LYS, working with DEVCORE Internship Program"
}
],
"datePublic": "2023-08-17T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\u003cbr\u003e\u003cbr\u003e\n\n\n\nWith a specific request to installAppPackage.php that doesn\u0027t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eintegrity\u003c/span\u003e\n\nfor a certain \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epart of the \u003c/span\u003efile system, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhich may allow chaining to other vulnerabilities.\u003c/span\u003e\n\n\u003cbr\u003e\u003cp\u003eThis issue affects Juniper Networks Junos OS on EX Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S8;\u003c/li\u003e\u003cli\u003e21.1 versions 21.1R1 and later;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S6;\u003c/li\u003e\u003cli\u003e21.3 versions \n\nprior to \n\n 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions \n\nprior to \n\n21.4R3-S4;\u003c/li\u003e\u003cli\u003e22.1 versions \n\nprior to \n\n22.1R3-S3;\u003c/li\u003e\u003cli\u003e22.2 versions \n\nprior to \n\n22.2R3-S1;\u003c/li\u003e\u003cli\u003e22.3 versions \n\nprior to \n\n22.3R2-S2, 22.3R3;\u003c/li\u003e\u003cli\u003e22.4 versions \n\nprior to \n\n22.4R2-S1, 22.4R3.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\n\n\nWith a specific request to installAppPackage.php that doesn\u0027t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of \n\nintegrity\n\nfor a certain \n\npart of the file system, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on EX Series:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions \n\nprior to \n\n 21.3R3-S5;\n * 21.4 versions \n\nprior to \n\n21.4R3-S4;\n * 22.1 versions \n\nprior to \n\n22.1R3-S3;\n * 22.2 versions \n\nprior to \n\n22.2R3-S1;\n * 22.3 versions \n\nprior to \n\n22.3R2-S2, 22.3R3;\n * 22.4 versions \n\nprior to \n\n22.4R2-S1, 22.4R3.\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003cbr\u003e"
}
],
"value": "\nJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-26T19:59:41.629Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory",
"mitigation"
],
"url": "https://supportportal.juniper.net/JSA72300"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e20.4R3-S8, 21.2R3-S6, 21.3R3-S5*, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3*, 23.2R1\u003c/span\u003e, and all subsequent releases.\u003cbr\u003e*Pending Publication\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\n20.4R3-S8, 21.2R3-S6, 21.3R3-S5*, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3*, 23.2R1, and all subsequent releases.\n*Pending Publication\n"
}
],
"source": {
"defect": [
"1735387"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS: EX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\nDisable J-Web, or limit access to only trusted hosts.\u003cbr\u003e"
}
],
"value": "\n\n\n\n\n\n\nDisable J-Web, or limit access to only trusted hosts.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-36847",
"datePublished": "2023-08-17T19:16:53.657Z",
"dateReserved": "2023-06-27T16:17:25.277Z",
"dateUpdated": "2025-10-21T23:05:40.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36844 (GCVE-0-2023-36844)
Vulnerability from nvd – Published: 2023-08-17 19:17 – Updated: 2025-10-21 23:05
VLAI?
Summary
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables.
Using a crafted request an attacker is able to modify
certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on EX Series:
* All versions prior to 20.4R3-S9;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S7;
* 21.3 versions
prior to
21.3R3-S5;
* 21.4 versions
prior to
21.4R3-S5;
* 22.1 versions
prior to
22.1R3-S4;
* 22.2 versions
prior to
22.2R3-S2;
* 22.3 versions
prior to 22.3R3-S1;
* 22.4 versions
prior to
22.4R2-S2, 22.4R3;
* 23.2 versions prior to
23.2R1-S1, 23.2R2.
Severity ?
5.3 (Medium)
CWE
- CWE-473 - PHP External Variable Modification
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 20.4R3-S9
(semver)
Affected: 21.1 , < 21.1* (semver) Affected: 21.2 , < 21.2R3-S6 (semver) Affected: 21.3 , < 21.3R3-S5 (semver) Affected: 21.4 , < 21.4R3-S5 (semver) Affected: 22.1 , < 22.1R3-S4 (semver) Affected: 22.2 , < 22.2R3-S2 (semver) Affected: 22.3 , < 22.3R3-S1 (semver) Affected: 22.4 , < 22.4R2-S2, 22.4R3 (semver) Affected: 23.2 , < 23.2R1-S1, 23.2R2 (semver) |
Credits
LYS, working with DEVCORE Internship Program
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"mitigation",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA72300"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174865/Juniper-SRX-Firewall-EX-Switch-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36844",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-15T16:40:39.936747Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-11-13",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36844"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:40.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36844"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-13T00:00:00+00:00",
"value": "CVE-2023-36844 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S6",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S2",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S2, 22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S1, 23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following minimal configuration is necessary:\u003c/p\u003e\u003ccode\u003e\u0026nbsp; [system services web-management http]\u003c/code\u003e\u003cp\u003eor\u003c/p\u003e\u003ccode\u003e\u0026nbsp; [system services web-management https]\u003c/code\u003e\n\n\n\n\u003cbr\u003e"
}
],
"value": "The following minimal configuration is necessary:\n\n\u00a0 [system services web-management http]or\n\n\u00a0 [system services web-management https]"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LYS, working with DEVCORE Internship Program"
}
],
"datePublic": "2023-08-17T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables.\u003cbr\u003e\u003cbr\u003eUsing a crafted request an attacker is able to modify \n\ncertain PHP environment variables\u0026nbsp;leading to partial loss of integrity,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhich may allow chaining to other vulnerabilities.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Juniper Networks Junos OS on EX Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S9;\u003c/li\u003e\u003cli\u003e21.1 versions 21.1R1 and later;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S7;\u003c/li\u003e\u003cli\u003e21.3 versions \n\nprior to \n\n 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions \n\nprior to \n\n21.4R3-S5;\u003c/li\u003e\u003cli\u003e22.1 versions \n\nprior to \n\n22.1R3-S4;\u003c/li\u003e\u003cli\u003e22.2 versions \n\nprior to \n\n22.2R3-S2;\u003c/li\u003e\u003cli\u003e22.3 versions \n\nprior to 22.3R3-S1;\u003c/li\u003e\u003cli\u003e22.4 versions \n\nprior to \n\n22.4R2-S2, 22.4R3;\u003c/li\u003e\u003cli\u003e23.2 versions prior to \n\n23.2R1-S1, 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables.\n\nUsing a crafted request an attacker is able to modify \n\ncertain PHP environment variables\u00a0leading to partial loss of integrity,\u00a0which may allow chaining to other vulnerabilities.\nThis issue affects Juniper Networks Junos OS on EX Series:\n\n\n\n * All versions prior to 20.4R3-S9;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S7;\n * 21.3 versions \n\nprior to \n\n 21.3R3-S5;\n * 21.4 versions \n\nprior to \n\n21.4R3-S5;\n * 22.1 versions \n\nprior to \n\n22.1R3-S4;\n * 22.2 versions \n\nprior to \n\n22.2R3-S2;\n * 22.3 versions \n\nprior to 22.3R3-S1;\n * 22.4 versions \n\nprior to \n\n22.4R2-S2, 22.4R3;\n * 23.2 versions prior to \n\n23.2R1-S1, 23.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003cbr\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-473",
"description": "CWE-473 PHP External Variable Modification",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-02T18:06:16.835Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory",
"mitigation"
],
"url": "https://supportportal.juniper.net/JSA72300"
},
{
"url": "http://packetstormsecurity.com/files/174865/Juniper-SRX-Firewall-EX-Switch-Remote-Code-Execution.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e20.4R3-S9*, 21.2R3-S7*, 21.3R3-S5*, 21.4R3-S5*, 22.1R3-S4*, 22.2R3-S2, 22.3R3-S1*, 22.4R2-S2*, 22.4R3*, 23.2R1-S1, 23.2R2*\u003c/span\u003e, 23.4R1*, and all subsequent releases.\u003cbr\u003e\n\n*Pending Publication\n\n\n\n\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\n20.4R3-S9*, 21.2R3-S7*, 21.3R3-S5*, 21.4R3-S5*, 22.1R3-S4*, 22.2R3-S2, 22.3R3-S1*, 22.4R2-S2*, 22.4R3*, 23.2R1-S1, 23.2R2*, 23.4R1*, and all subsequent releases.\n\n\n*Pending Publication"
}
],
"source": {
"defect": [
"1736937"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS: EX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control important environment variables",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Disable J-Web, or limit access to only trusted hosts.\n\n\u003cbr\u003e"
}
],
"value": "Disable J-Web, or limit access to only trusted hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-36844",
"datePublished": "2023-08-17T19:17:47.904Z",
"dateReserved": "2023-06-27T16:17:25.277Z",
"dateUpdated": "2025-10-21T23:05:40.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36847 (GCVE-0-2023-36847)
Vulnerability from nvd – Published: 2023-08-17 19:16 – Updated: 2025-10-21 23:05
VLAI?
Summary
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.
With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of
integrity
for a certain
part of the file system, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on EX Series:
* All versions prior to 20.4R3-S8;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S6;
* 21.3 versions
prior to
21.3R3-S5;
* 21.4 versions
prior to
21.4R3-S4;
* 22.1 versions
prior to
22.1R3-S3;
* 22.2 versions
prior to
22.2R3-S1;
* 22.3 versions
prior to
22.3R2-S2, 22.3R3;
* 22.4 versions
prior to
22.4R2-S1, 22.4R3.
Severity ?
5.3 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 20.4R3-S8
(semver)
Affected: 21.1 , < 21.1* (semver) Affected: 21.2 , < 21.2R3-S6 (semver) Affected: 21.3 , < 21.3R3-S5 (semver) Affected: 21.4 , < 21.4R3-S4 (semver) Affected: 22.1 , < 22.1R3-S3 (semver) Affected: 22.2 , < 22.2R3-S1 (semver) Affected: 22.3 , < 22.3R2-S2, 22.3R3 (semver) Affected: 22.4 , < 22.4R2-S1, 22.4R3 (semver) |
Credits
LYS, working with DEVCORE Internship Program
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"mitigation",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA72300"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36847",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-15T16:40:41.634298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-11-13",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36847"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:40.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36847"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-13T00:00:00+00:00",
"value": "CVE-2023-36847 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.1*",
"status": "affected",
"version": "21.1",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S6",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S4",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S3",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S1",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2, 22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S1, 22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n \n\n\n\n\n\n\n\n\u003cp\u003eThe following minimal configuration is necessary:\u003c/p\u003e\u003ccode\u003e\u0026nbsp; [system services web-management http]\u003c/code\u003e\u003cp\u003eor\u003c/p\u003e\u003ccode\u003e\u0026nbsp; [system services web-management https]\u003c/code\u003e\u003cbr\u003e"
}
],
"value": "\n \n\n\n\n\n\n\n\nThe following minimal configuration is necessary:\n\n\u00a0 [system services web-management http]or\n\n\u00a0 [system services web-management https]\n"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LYS, working with DEVCORE Internship Program"
}
],
"datePublic": "2023-08-17T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\u003cbr\u003e\u003cbr\u003e\n\n\n\nWith a specific request to installAppPackage.php that doesn\u0027t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eintegrity\u003c/span\u003e\n\nfor a certain \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epart of the \u003c/span\u003efile system, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhich may allow chaining to other vulnerabilities.\u003c/span\u003e\n\n\u003cbr\u003e\u003cp\u003eThis issue affects Juniper Networks Junos OS on EX Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S8;\u003c/li\u003e\u003cli\u003e21.1 versions 21.1R1 and later;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S6;\u003c/li\u003e\u003cli\u003e21.3 versions \n\nprior to \n\n 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions \n\nprior to \n\n21.4R3-S4;\u003c/li\u003e\u003cli\u003e22.1 versions \n\nprior to \n\n22.1R3-S3;\u003c/li\u003e\u003cli\u003e22.2 versions \n\nprior to \n\n22.2R3-S1;\u003c/li\u003e\u003cli\u003e22.3 versions \n\nprior to \n\n22.3R2-S2, 22.3R3;\u003c/li\u003e\u003cli\u003e22.4 versions \n\nprior to \n\n22.4R2-S1, 22.4R3.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\n\n\nWith a specific request to installAppPackage.php that doesn\u0027t require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of \n\nintegrity\n\nfor a certain \n\npart of the file system, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on EX Series:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions \n\nprior to \n\n 21.3R3-S5;\n * 21.4 versions \n\nprior to \n\n21.4R3-S4;\n * 22.1 versions \n\nprior to \n\n22.1R3-S3;\n * 22.2 versions \n\nprior to \n\n22.2R3-S1;\n * 22.3 versions \n\nprior to \n\n22.3R2-S2, 22.3R3;\n * 22.4 versions \n\nprior to \n\n22.4R2-S1, 22.4R3.\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003cbr\u003e"
}
],
"value": "\nJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-26T19:59:41.629Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory",
"mitigation"
],
"url": "https://supportportal.juniper.net/JSA72300"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e20.4R3-S8, 21.2R3-S6, 21.3R3-S5*, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3*, 23.2R1\u003c/span\u003e, and all subsequent releases.\u003cbr\u003e*Pending Publication\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\n20.4R3-S8, 21.2R3-S6, 21.3R3-S5*, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3*, 23.2R1, and all subsequent releases.\n*Pending Publication\n"
}
],
"source": {
"defect": [
"1735387"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS: EX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\nDisable J-Web, or limit access to only trusted hosts.\u003cbr\u003e"
}
],
"value": "\n\n\n\n\n\n\nDisable J-Web, or limit access to only trusted hosts.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2023-36847",
"datePublished": "2023-08-17T19:16:53.657Z",
"dateReserved": "2023-06-27T16:17:25.277Z",
"dateUpdated": "2025-10-21T23:05:40.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}