A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on EX Series:

- All versions prior to 20.4R3-S8;
- 21.1 versions 21.1R1 and later;
- 21.2 versions prior to 21.2R3-S6;
- 21.3 versions prior to 21.3R3-S5;
- 21.4 versions prior to 21.4R3-S4;
- 22.1 versions prior to 22.1R3-S3;
- 22.2 versions prior to 22.2R3-S1;
- 22.3 versions prior to 22.3R2-S2, 22.3R3;
- 22.4 versions prior to 22.4R2-S1, 22.4R3.

| Link | Resource |
|---|---|
| https://supportportal.juniper.net/JSA72300 | Vendor Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36847 | US Government Resource |
26 Feb 2026, 15:04
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:* | cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:* |
25 Feb 2026, 17:22
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3. |
24 Oct 2025, 16:43
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36847 - US Government Resource |
21 Oct 2025, 23:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | | |
21 Oct 2025, 20:19
| Type | Values Removed | Values Added |
|---|---|---|
| References | | |
21 Oct 2025, 19:20
| Type | Values Removed | Values Added |
|---|---|---|
| References | | |
27 Jan 2025, 21:40
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://supportportal.juniper.net/JSA72300 - Vendor Advisory |
21 Nov 2024, 08:10
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://supportportal.juniper.net/JSA72300 - Mitigation, Vendor Advisory |
27 Jun 2024, 14:36
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx550m:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx240h2:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx240m:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx550_hm:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx4000:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx5000:-:*:*:*:*:*:*:* |
Published : 2023-08-17 20:15
Updated : 2026-02-26 15:04
NVD link : CVE-2023-36847
Mitre link : CVE-2023-36847
CVE.ORG link : CVE-2023-36847
- junos
- ex4600-vc
- ex3300
- ex8216
- ex2300-48t
- ex4200-vc
- ex4300-24p
- ex9208
- ex2300-48mp
- ex4300-48t-afi
- ex4400
- ex2300-24p
- ex4300-32f
- ex4500-vc
- ex4600
- ex4300-24t-s
- ex2300-48p
- ex4300-32f-s
- ex4200
- ex6210
- ex2200-c
- ex8208
- ex4300-48mp
- ex4300-mp
- ex8200
- ex9251
- ex4300-24t
- ex4500
- ex4300-48t-dc-afi
- ex4300-48p-s
- ex8200-vc
- ex9214
- ex2300-24mp
- ex4300-48tdc
- ex2200
- ex4300-32f-dc
- ex4300-48tafi
- ex4300-vc
- ex4550-vc
- ex4550
- ex3200
- ex4650
- ex4300
- ex9200
- ex2300-24t
- ex2300-c
- ex4300-48mp-s
- ex9204
- ex9253
- ex2200-vc
- ex4300-48p
- ex4300m
- ex4300-48t-dc
- ex4300-48t
- ex2300
- ex4300-48t-s
- ex4550/vc
- ex6200
- ex9250
- ex3300-vc
- ex4300-48tdc-afi
- ex3400
- ex4300-24p-s
- ex2300m
Missing Authentication for Critical Function