What is CVE-2023-36846?

A medium-severity Missing Authentication for Critical Function vulnerability exists in Juniper Networks Junos OS affecting multiple versions. It allows unauthenticated attackers to impact file system integrity. Organizations must address this urgency to mitigate potential risks.

What is the severity of CVE-2023-36846?

CVE-2023-36846 has a severity rating of MEDIUM with a CVSS base score of 5.3.

Is CVE-2023-36846 in CISA KEV?

Yes. CVE-2023-36846 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2023-36846 | Medium Vulnerability in Juniper Junos OS

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on SRX Series across multiple versions, including all versions prior to 20.4R3-S8, specific versions of 21.1, 21.2, 21.3, 21.4, 22.1, 22.2, 22.3, and 22.4. The CVSS score for this vulnerability is 5.3, which classifies it as medium severity.

Risk to organizations includes potential unauthorized access to sensitive file system parts, which can lead to further exploitation. Given the nature of this vulnerability and its exploitation status, organizations should prioritize patching immediately.

As this vulnerability is included in the Known Exploited Vulnerabilities (KEV) catalog, it has been recognized as a threat that requires immediate attention. Organizations must act swiftly to mitigate the risks associated with this vulnerability.

Vulnerability Details

The vulnerability identified as CVE-2023-36846 is a Missing Authentication for Critical Function in Junos OS. This vulnerability allows an unauthenticated attacker to exploit the system through arbitrary file uploads, leading to potential integrity loss. The vulnerability affects various versions of Junos OS, with specific details outlined above.

Technical Analysis

The root cause of this vulnerability stems from insufficient authentication mechanisms in the J-Web interface. The attack vector is network-based, meaning an attacker does not need physical access to exploit the vulnerability. The attack complexity is classified as low, and no user interaction is required, making this vulnerability particularly dangerous. Though it does not impact confidentiality or availability, it poses a low integrity risk, which can lead to further exploitation.

Risk & Impact Analysis

The deployment risk for organizations is substantial, as an unauthenticated attacker can exploit this vulnerability remotely. The impact on the organization can be significant, potentially allowing unauthorized access to sensitive parts of the file system. Organizations must consider the blast radius of such an attack, as it may enable further exploitation of additional vulnerabilities. Given the medium CVSS score of 5.3 and its inclusion in the KEV catalog, organizations should assess their risk posture and address this vulnerability in their priority patch cycle.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

All versions prior to 20.4R3-S8 are affected, along with several specific versions across 21.1, 21.2, 21.3, 21.4, 22.1, 22.2, 22.3, and 22.4.

Mitigation & Remediation

Organizations should apply the latest patches provided by Juniper Networks to remediate this vulnerability. If patches are unavailable, organizations may need to consider discontinuing the use of affected products until mitigations can be applied effectively. For more details on remediation, refer to the Juniper advisory.

Detection Guidance

Monitoring for unauthorized file uploads and reviewing logs for unusual access patterns are critical for detection. Organizations should also look for behavioral anomalies in the J-Web interface usage.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2023-36846 highlights the importance of robust authentication mechanisms in network devices. This vulnerability is part of a broader trend where critical function vulnerabilities can lead to severe integrity breaches. Security teams should focus on strengthening authentication processes and regularly auditing configurations to minimize risks.

For further insights on continuous security practices, organizations can explore our services on continuous penetration testing and other security assessments.

Consider reviewing our vulnerability management program design to better understand how to mitigate similar vulnerabilities.

For organizations looking to enhance their security posture, understanding the implications of vulnerabilities like CVE-2023-36846 is essential. The lessons learned from this case can guide strategic decisions in cybersecurity.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2023-36846: Medium Vulnerability in Juniper Junos OS