{"uuid": "13cf8b03-fe5c-458b-b8c0-206b0433b353", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36846", "type": "seen", "source": "https://t.me/arpsyndicate/1031", "content": "#ExploitObserverAlert\n\nCVE-2023-36846\n\nDESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-36846. A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.    With a specific request to user.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of   integrity  for a certain\u00a0  part of the\u00a0file system, which may allow chaining to other vulnerabilities.   This issue affects Juniper Networks Junos OS on SRX Series:      *  All versions prior to 20.4R3-S8;   *  21.1 versions 21.1R1 and later;   *  21.2 versions prior to 21.2R3-S6;   *  21.3 versions   prior to    21.3R3-S5;   *  21.4 versions   prior to   21.4R3-S5;   *  22.1 versions   prior to   22.1R3-S3;   *  22.2 versions   prior to   22.2R3-S2;   *  22.3 versions   prior to   22.3R2-S2, 22.3R3;   *  22.4 versions   prior to   22.4R2-S1, 22.4R3.\n\nFIRST-EPSS: 0.017140000\nNVD-IS: 1.4\nNVD-ES: 3.9", "creation_timestamp": "2023-12-03T21:19:33.000000Z"}