Description

Multiple vulnerabilities in J-Web of Juniper could allow an unauthenticated remote attacker to execute artibirary code and compormise the device.

Remediation

Upgrade to the latest version of Juniper Junos OS J-Web.

References

2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution

CVE-2023-36844 And Friends: RCE In Juniper Devices

Fileless Remote Code Execution on Juniper Firewalls

Related Vulnerabilities

Reflected Cross-Site Scripting (XSS) vulnerability in PAN-OS management web interface

Liferay TunnelServlet Deserialization Remote Code Execution

Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.7)

WordPress Cookie Data PHP Code Injection Vulnerability (1.5 - 1.5.1.3)

WordPress Plugin Product Lister for Walmart Remote Code Execution (1.0.1)

Severity

Critical

Classification

CVE-2023-36845 CVE-2023-36846 CWE-473 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Code Execution