November 13, 2023 · Applied Cybernetics Group
CVE-2023-36851 — Juniper Junos OS
Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
- Added to KEV
2023-11-13- Federal due date
2023-11-17- Vendor
- Juniper
- Product
- Junos OS
- EPSS
- 94.7th percentile (score 0.149, as of
2026-06-08) - NVD CVSS v3.1
- —
- Ransomware use
- Unknown
- Upstream
- https://nvd.nist.gov/vuln/detail/CVE-2023-36851
CISA short description
Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.