CVE-2023-36846

MEDIUM KEV

Juniper Junos OS on SRX Series < 22.4R3 - Unauthenticated Arbitrary File Upload via J-Web

Title source: llm

Exploitation Summary

CVE-2023-36846 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 13, 2023. EIP tracks 4 public exploits from researchers including Chocapikk.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-36846, targeting Juniper JunOS SRX and EX Series. The exploit leverages a missing authentication vulnerability to upload arbitrary files via J-Web, leading to remote code execution.

Description

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3.

Exploits (4)

nomisec WORKING POC 4 stars

by Chocapikk · remote

https://github.com/Chocapikk/CVE-2023-36846

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2023-36846, targeting Juniper JunOS SRX and EX Series. The exploit leverages a missing authentication vulnerability to upload arbitrary files via J-Web, leading to remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Juniper JunOS (SRX and EX Series) versions prior to 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S3, 22.2R3-S2, 22.3R2-S2, 22.3R3, 22.4R2-S1, 22.4R3

No auth needed

Prerequisites: Network access to the J-Web interface of the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

vulncheck_xdb WORKING POC

remote

https://github.com/iveresk/CVE-2023-36845-6-

View Code ZIP pw:eip

The repository contains a functional exploit script for CVE-2023-36846, targeting Juniper Junos OS J-Web. The script sends a crafted HTTP request to trigger remote code execution by manipulating the PHPRC environment variable.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Juniper Junos OS J-Web

No auth needed

Prerequisites: target IP or file containing target IPs

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 25, 2026 Full analysis →

vulncheck_xdb WORKING POC

remote

https://github.com/r3dcl1ff/CVE-2023-36844_Juniper_RCE

View Code ZIP pw:eip

This repository contains a functional exploit PoC for chaining multiple Juniper JunOS CVEs (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) to achieve remote code execution via PHP file upload and INI file manipulation. The exploit uploads a malicious PHP file and an INI file to trigger arbitrary PHP function execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Juniper JunOS (SRX and EX Series)

No auth needed

Prerequisites: Network access to the target Juniper device · Web interface exposed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 25, 2026 Full analysis →

vulncheck_xdb WORKING POC

remote

https://github.com/watchtowrlabs/juniper-rce_cve-2023-36844

View Code ZIP pw:eip

This repository contains a functional exploit PoC for chaining multiple Juniper JunOS vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) to achieve pre-authentication remote code execution. The exploit uploads a malicious PHP file and a PHP configuration file to trigger arbitrary code execution via environment variable manipulation.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Juniper JunOS (SRX and EX Series)

No auth needed

Prerequisites: Network access to the target J-Web interface · Vulnerable version of Juniper JunOS

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 25, 2026 Full analysis →

References (2)

Core 2

Core References

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36846

Vendor Advisory vendor-advisory mitigation

https://supportportal.juniper.net/JSA72300

Scores

CVSS v3 5.3

EPSS 0.9428

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2023-11-13

VulnCheck KEV 2023-08-29

InTheWild.io 2023-11-08

ENISA EUVD EUVD-2023-40766

CWE

CWE-306

Status published

Products (4)

juniper/junos 20.4 (14 CPE variants)

juniper/junos 21.1 r1 (11 CPE variants)

juniper/junos 21.2 (13 CPE variants)

juniper/junos 21.3 (12 CPE variants)

Published Aug 17, 2023

KEV Added Nov 13, 2023

Tracked Since Feb 18, 2026