Description

Multiple vulnerabilities in J-Web of Juniper could allow an unauthenticated remote attacker to execute artibirary code and compormise the device.

Remediation

Upgrade to the latest version of Juniper Junos OS J-Web.

References

2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution

CVE-2023-36844 And Friends: RCE In Juniper Devices

Fileless Remote Code Execution on Juniper Firewalls

Related Vulnerabilities

phpMyAdmin v3.5.2.2 backdoor

GhostScript RCE (Remote Code Execution)

WordPress Plugin Maintenance Mode Under Construction Page Landing Page Possible Remote Code Execution (1.0.9)

GeoServer RCE (CVE-2024-36401)

Apache Tapestry Unauthenticated RCE (CVE-2019-0195, CVE-2021-27850)

Severity

Critical

Classification

CVE-2023-36845 CVE-2023-36846 CWE-473 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Code Execution