CVE-2023-36851

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload and download arbitrary files via J-Web, leading to a loss of integrity or confidentiality, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * 21.2 versions prior to 21.2R3-S8; * 21.4 versions prior to 21.4R3-S6; * 22.1 versions prior to 22.1R3-S5; * 22.2 versions prior to 22.2R3-S3; * 22.3 versions prior to 22.3R3-S2; * 22.4 versions prior to 22,4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S2, 23.2R2.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://supportportal.juniper.net/JSA72300	Vendor Advisory
https://supportportal.juniper.net/JSA72300	Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36851	US Government Resource

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:juniper:junos:21.2:-::::::
	cpe:2.3:o:juniper:junos:21.2:r1::::::
	cpe:2.3:o:juniper:junos:21.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r2::::::
	cpe:2.3:o:juniper:junos:21.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r3::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s3::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s4::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s5::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s6::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s7::::::
	cpe:2.3:o:juniper:junos:21.4:-::::::
	cpe:2.3:o:juniper:junos:21.4:r1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r2::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s4::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s5::::::
	cpe:2.3:o:juniper:junos:22.1:r1::::::
	cpe:2.3:o:juniper:junos:22.1:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.1:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.1:r2::::::
	cpe:2.3:o:juniper:junos:22.1:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.1:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.1:r3::::::
	cpe:2.3:o:juniper:junos:22.1:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.1:r3-s2::::::
	cpe:2.3:o:juniper:junos:22.1:r3-s3::::::
	cpe:2.3:o:juniper:junos:22.1:r3-s4::::::
	cpe:2.3:o:juniper:junos:22.2:r1::::::
	cpe:2.3:o:juniper:junos:22.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r2::::::
	cpe:2.3:o:juniper:junos:22.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r3::::::
	cpe:2.3:o:juniper:junos:22.2:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r3-s2::::::
	cpe:2.3:o:juniper:junos:22.3:r1::::::
	cpe:2.3:o:juniper:junos:22.3:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.3:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.3:r2::::::
	cpe:2.3:o:juniper:junos:22.3:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.3:r3::::::
	cpe:2.3:o:juniper:junos:22.3:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r2::::::
	cpe:2.3:o:juniper:junos:22.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:23.2:r1::::::
	cpe:2.3:o:juniper:junos:23.2:r1-s1::::::

OR	cpe:2.3:h:juniper:ex2200:-:::::::*
	cpe:2.3:h:juniper:ex2200-c:-:::::::*
	cpe:2.3:h:juniper:ex2200-vc:-:::::::*
	cpe:2.3:h:juniper:ex2300:-:::::::*
	cpe:2.3:h:juniper:ex2300-24mp:-:::::::*
	cpe:2.3:h:juniper:ex2300-24p:-:::::::*
	cpe:2.3:h:juniper:ex2300-24t:-:::::::*
	cpe:2.3:h:juniper:ex2300-48mp:-:::::::*
	cpe:2.3:h:juniper:ex2300-48p:-:::::::*
	cpe:2.3:h:juniper:ex2300-48t:-:::::::*
	cpe:2.3:h:juniper:ex2300-c:-:::::::*
	cpe:2.3:h:juniper:ex2300m:-:::::::*
	cpe:2.3:h:juniper:ex3200:-:::::::*
	cpe:2.3:h:juniper:ex3300:-:::::::*
	cpe:2.3:h:juniper:ex3300-vc:-:::::::*
	cpe:2.3:h:juniper:ex3400:-:::::::*
	cpe:2.3:h:juniper:ex4200:-:::::::*
	cpe:2.3:h:juniper:ex4200-vc:-:::::::*
	cpe:2.3:h:juniper:ex4300:-:::::::*
	cpe:2.3:h:juniper:ex4300-24p:-:::::::*
	cpe:2.3:h:juniper:ex4300-24p-s:-:::::::*
	cpe:2.3:h:juniper:ex4300-24t:-:::::::*
	cpe:2.3:h:juniper:ex4300-24t-s:-:::::::*
	cpe:2.3:h:juniper:ex4300-32f:-:::::::*
	cpe:2.3:h:juniper:ex4300-32f-dc:-:::::::*
	cpe:2.3:h:juniper:ex4300-32f-s:-:::::::*
	cpe:2.3:h:juniper:ex4300-48mp:-:::::::*
	cpe:2.3:h:juniper:ex4300-48mp-s:-:::::::*
	cpe:2.3:h:juniper:ex4300-48p:-:::::::*
	cpe:2.3:h:juniper:ex4300-48p-s:-:::::::*
	cpe:2.3:h:juniper:ex4300-48t:-:::::::*
	cpe:2.3:h:juniper:ex4300-48t-afi:-:::::::*
	cpe:2.3:h:juniper:ex4300-48t-dc:-:::::::*
	cpe:2.3:h:juniper:ex4300-48t-dc-afi:-:::::::*
	cpe:2.3:h:juniper:ex4300-48t-s:-:::::::*
	cpe:2.3:h:juniper:ex4300-48tafi:-:::::::*
	cpe:2.3:h:juniper:ex4300-48tdc:-:::::::*
	cpe:2.3:h:juniper:ex4300-48tdc-afi:-:::::::*
	cpe:2.3:h:juniper:ex4300-mp:-:::::::*
	cpe:2.3:h:juniper:ex4300-vc:-:::::::*
	cpe:2.3:h:juniper:ex4300m:-:::::::*
	cpe:2.3:h:juniper:ex4400:-:::::::*
	cpe:2.3:h:juniper:ex4500:-:::::::*
	cpe:2.3:h:juniper:ex4500-vc:-:::::::*
	cpe:2.3:h:juniper:ex4550:-:::::::*
	cpe:2.3:h:juniper:ex4550-vc:-:::::::*
	cpe:2.3:h:juniper:ex4550\/vc:-:::::::*
	cpe:2.3:h:juniper:ex4600:-:::::::*
	cpe:2.3:h:juniper:ex4600-vc:-:::::::*
	cpe:2.3:h:juniper:ex4650:-:::::::*
	cpe:2.3:h:juniper:ex6200:-:::::::*
	cpe:2.3:h:juniper:ex6210:-:::::::*
	cpe:2.3:h:juniper:ex8200:-:::::::*
	cpe:2.3:h:juniper:ex8200-vc:-:::::::*
	cpe:2.3:h:juniper:ex8208:-:::::::*
	cpe:2.3:h:juniper:ex8216:-:::::::*
	cpe:2.3:h:juniper:ex9200:-:::::::*
	cpe:2.3:h:juniper:ex9204:-:::::::*
	cpe:2.3:h:juniper:ex9208:-:::::::*
	cpe:2.3:h:juniper:ex9214:-:::::::*
	cpe:2.3:h:juniper:ex9250:-:::::::*
	cpe:2.3:h:juniper:ex9251:-:::::::*
	cpe:2.3:h:juniper:ex9253:-:::::::*
	cpe:2.3:h:juniper:srx100:-:::::::*
cpe:2.3:h:juniper:srx110:-:::::::*
cpe:2.3:h:juniper:srx1400:-:::::::*
cpe:2.3:h:juniper:srx1500:-:::::::*
cpe:2.3:h:juniper:srx210:-:::::::*
cpe:2.3:h:juniper:srx220:-:::::::*
cpe:2.3:h:juniper:srx240:-:::::::*
cpe:2.3:h:juniper:srx240h2:-:::::::*
cpe:2.3:h:juniper:srx240m:-:::::::*
cpe:2.3:h:juniper:srx300:-:::::::*
cpe:2.3:h:juniper:srx320:-:::::::*
cpe:2.3:h:juniper:srx340:-:::::::*
cpe:2.3:h:juniper:srx3400:-:::::::*
cpe:2.3:h:juniper:srx345:-:::::::*
cpe:2.3:h:juniper:srx3600:-:::::::*
cpe:2.3:h:juniper:srx380:-:::::::*
cpe:2.3:h:juniper:srx4000:-:::::::*
cpe:2.3:h:juniper:srx4100:-:::::::*
cpe:2.3:h:juniper:srx4200:-:::::::*
cpe:2.3:h:juniper:srx4600:-:::::::*
cpe:2.3:h:juniper:srx5000:-:::::::*
cpe:2.3:h:juniper:srx5400:-:::::::*
cpe:2.3:h:juniper:srx550:-:::::::*
cpe:2.3:h:juniper:srx550_hm:-:::::::*
cpe:2.3:h:juniper:srx550m:-:::::::*
cpe:2.3:h:juniper:srx5600:-:::::::*
cpe:2.3:h:juniper:srx5800:-:::::::*
cpe:2.3:h:juniper:srx650:-:::::::*

History

24 Oct 2025, 16:42

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36851 -~~	() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36851 - US Government Resource

21 Oct 2025, 23:16

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36851 -

21 Oct 2025, 20:19

Type	Values Removed	Values Added
References	~~{'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36851', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}~~

21 Oct 2025, 19:20

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36851 -

27 Jan 2025, 21:40

Type	Values Removed	Values Added
References	~~() https://supportportal.juniper.net/JSA72300 - Mitigation, Vendor Advisory~~	() https://supportportal.juniper.net/JSA72300 - Vendor Advisory

21 Nov 2024, 08:10

Type	Values Removed	Values Added
References	~~() https://supportportal.juniper.net/JSA72300 - Mitigation, Vendor Advisory~~	() https://supportportal.juniper.net/JSA72300 - Mitigation, Vendor Advisory

26 Jun 2024, 20:17

Type	Values Removed	Values Added
CPE	cpe:2.3:o:juniper:junos:20.4:-:::::: cpe:2.3:o:juniper:junos:20.4:r3-s7:::::: cpe:2.3:o:juniper:junos:21.1:r3-s4:::::: cpe:2.3:o:juniper:junos:21.3:r2-s2:::::: cpe:2.3:o:juniper:junos:20.4:r1-s1:::::: cpe:2.3:o:juniper:junos:21.1:r3-s3:::::: cpe:2.3:o:juniper:junos:20.4:r2-s1:::::: cpe:2.3:o:juniper:junos:21.3:r3-s2:::::: cpe:2.3:o:juniper:junos:21.3:r3:::::: cpe:2.3:o:juniper:junos:21.1:r1:::::: cpe:2.3:o:juniper:junos:20.4:r3-s6:::::: cpe:2.3:o:juniper:junos:20.4:r3-s2:::::: cpe:2.3:o:juniper:junos:20.4:r1:::::: cpe:2.3:o:juniper:junos:20.4:r3-s8:::::: cpe:2.3:o:juniper:junos:21.1:r2-s2:::::: cpe:2.3:o:juniper:junos:21.1:r2-s1:::::: cpe:2.3:o:juniper:junos:20.4:r2-s2:::::: cpe:2.3:o:juniper:junos:20.4:r3-s1:::::: cpe:2.3:o:juniper:junos:20.4:r3-s3:::::: cpe:2.3:o:juniper:junos:21.3:r3-s3:::::: cpe:2.3:o:juniper:junos:21.3:r2:::::: cpe:2.3:o:juniper:junos:21.3:r3-s1:::::: cpe:2.3:o:juniper:junos:21.1:r3-s2:::::: cpe:2.3:o:juniper:junos:21.3:r1-s1:::::: cpe:2.3:o:juniper:junos:20.4:r3:::::: cpe:2.3:o:juniper:junos:21.1:r3-s1:::::: cpe:2.3:o:juniper:junos:21.3:r3-s4:::::: cpe:2.3:o:juniper:junos:21.1:r3-s5:::::: cpe:2.3:o:juniper:junos:20.4:r2:::::: cpe:2.3:o:juniper:junos:20.4:r3-s4:::::: cpe:2.3:o:juniper:junos:20.4:r3-s5:::::: cpe:2.3:o:juniper:junos:21.3:-:::::: cpe:2.3:o:juniper:junos:::::::: cpe:2.3:o:juniper:junos:21.1:r1-s1:::::: cpe:2.3:o:juniper:junos:21.3:r1-s2:::::: cpe:2.3:o:juniper:junos:21.1:r2:::::: cpe:2.3:o:juniper:junos:21.1:r3:::::: cpe:2.3:o:juniper:junos:21.3:r1:::::: cpe:2.3:o:juniper:junos:21.3:r2-s1::::::	cpe:2.3:o:juniper:junos:22.1:r3-s4:::::: cpe:2.3:o:juniper:junos:21.2:r3-s7:::::: cpe:2.3:o:juniper:junos:23.2:r1-s1:::::: cpe:2.3:o:juniper:junos:22.3:r3:::::: cpe:2.3:o:juniper:junos:22.2:r3-s2:::::: cpe:2.3:o:juniper:junos:21.4:r3-s5:::::: cpe:2.3:o:juniper:junos:22.3:r3-s1:::::: cpe:2.3:o:juniper:junos:22.4:r2-s1::::::

25 Jan 2024, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-27 15:18

Updated : 2025-10-24 16:42

NVD link : CVE-2023-36851

Mitre link : CVE-2023-36851

CVE.ORG link : CVE-2023-36851

JSON object : View

Products Affected

juniper

srx340
ex2300-48mp
srx1400
ex4300m
srx210
srx550
ex2300-c
ex2300m
ex3200
srx4000
ex4650
ex4600-vc
ex8200
ex8200-vc
srx4100
ex4300-mp
ex4300-48p
ex4300
ex4300-24p-s
ex4600
ex4300-48tdc
ex4300-32f
srx220
ex2300-24p
ex9208
ex4300-48tdc-afi
ex3400
ex9214
ex4300-24p
ex6200
ex9250
ex4200
srx5600
srx110
ex8208
ex9204
srx240h2
ex4500-vc
ex8216
ex4300-vc
ex4200-vc
ex4300-32f-dc
srx3600
srx4200
srx550_hm
ex4300-32f-s
ex4300-24t
ex4300-48p-s
ex6210
srx345
ex4550
ex9200
srx5400
srx100
ex4300-48t-dc-afi
ex4400
ex2300-48p
ex4300-48mp
srx5800
ex4300-48t-s
ex4300-48mp-s
srx3400
ex4300-24t-s
ex4300-48t
srx4600
ex4550-vc
ex3300-vc
srx5000
ex9253
srx550m
ex2200
junos
ex4300-48t-dc
srx1500
srx320
srx650
ex4300-48tafi
ex4300-48t-afi
srx240
ex2300
srx300
ex4550\/vc
ex4500
ex2300-48t
ex2300-24t
ex2300-24mp
ex9251
srx380
srx240m
ex2200-c
ex3300
ex2200-vc

CWE

CWE-306

Missing Authentication for Critical Function

5.3 /10