CVE-2023-36846CISA KEVEPSS p99.8%

CVE-2023-36846Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability

Juniper / Junos OS

Description

Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.

Scoring

EPSS94.21% probability of exploitation · percentile 99.8% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2023-11-13

(incoming)1

TypeTargetConfidenceTier
KEVEntryJuniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerabilitykev-cve-2023-368460%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability
CVE
Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability
CVE
Juniper Junos OS EX Series PHP External Variable Modification Vulnerability
CVE
CVE-2025-59968
CVE
CVE-2026-33785
CVE
Juniper Junos OS Path Traversal Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.