Rewterz Threat Advisory – Multiple Juniper Networks Junos OS on EX Series and SRX Series Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-36847 CVSS:5.3

Juniper Networks Junos OS on EX Series could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system.

CVE-2023-36846 CVSS:5.3

Juniper Networks Junos OS on SRX Series could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system.

CVE-2023-36845 CVSS:5.3

Juniper Networks Junos OS on EX Series and SRX Series could allow a remote attacker to bypass security restrictions, caused by a PHP external variable modification flaw in J-Web. By sending a specially crafted request, an attacker could exploit this vulnerability to modify certain PHP environments variables.

CVE-2023-36844 CVSS:5.3

Juniper Networks Junos OS on EX Series could allow a remote attacker to bypass security restrictions, caused by a PHP external variable modification flaw in J-Web. By sending a specially crafted request, an attacker could exploit this vulnerability to modify certain PHP environments variables.

Impact

• Gain Access
• Security Bypass

Indicators Of Compromise

CVE

• CVE-2023-36847
• CVE-2023-36846
• CVE-2023-36845
• CVE-2023-36844

Affected Vendors

Juniper

Affected Products

• Juniper Networks EX Series
• Juniper Networks Junos OS 21.2
• Juniper Networks Junos OS 21.3
• Juniper Networks Junos OS 21.4

Remediation

Refer to Juniper Networks Security Bulletin for patch, upgrade or suggested workaround information.

Juniper Networks Security Bulletin