Intrusion PreventionJuniper.Networks.JUNOS.JWeb.Authentication.Bypass
Description
This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in Juniper Networks JUNOS.
The vulnerability is due to missing authentication for critical function in the vulnerable application when handling requests. An unauthenticated attacker can exploit this to upload arbitrary files via J-Web with a crafted request, leading to a loss of integrity for a certain part of the file system .
Affected Products
Juniper Networks Junos OS on SRX Series:
All versions prior to 20.4R3-S8;
21.1 version 21.1R1 and later versions;
21.2 versions prior to 21.2R3-S6;
21.3 versions prior to 21.3R3-S5;
21.4 versions prior to 21.4R3-S5;
22.1 versions prior to 22.1R3-S3;
22.2 versions prior to 22.2R3-S2;
22.3 versions prior to 22.3R2-S2, 22.3R3;
22.4 versions prior to 22.4R2-S1, 22.4R3;
Juniper Networks Junos OS on EX Series:
All versions prior to 20.4R3-S8;
21.1 version 21.1R1 and later versions;
21.2 versions prior to 21.2R3-S6;
21.3 versions prior to 21.3R3-S5;
21.4 versions prior to 21.4R3-S4;
22.1 versions prior to 22.1R3-S3;
22.2 versions prior to 22.2R3-S1;
22.3 versions prior to 22.3R2-S2, 22.3R3;
22.4 versions prior to 22.4R2-S1, 22.4R3.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2024-03-21 | 27.753 | Name:Juniper. Networks. JUNOS. JWeb. Improper. Authentication:Juniper. Networks. JUNOS. JWeb. Authentication. Bypass |
| 2023-11-28 | 26.685 | Sig Added |
| 2023-09-28 | 25.646 | Default_action:pass:drop |
| 2023-09-13 | 25.637 |
| ID | 53595 |
| Created | Sep 05, 2023 |
| Updated | Mar 20, 2024 |
| Risk |
|
| CVE ID | CVE-2023-36846 CVE-2023-36847 |
| Known Exploited | Yes |
| Exploit Prediction Score | 2.69% |
| Default Action | drop |
| Active | |
| Affected OS | Other |
| Affected App | Other |