CVE-2023-36847CISA KEVEPSS p99.7%

CVE-2023-36847Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability

Juniper / Junos OS

Description

Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.

Scoring

EPSS84.69% probability of exploitation · percentile 99.7% · 2026-06-17T12:03:21Z

CISA KEV entry

Added to KEV: 2023-11-13

(incoming)1

TypeTargetConfidenceTier
KEVEntryJuniper Junos OS EX Series Missing Authentication for Critical Function Vulnerabilitykev-cve-2023-368470%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
CVE
Juniper Junos OS EX Series PHP External Variable Modification Vulnerability
CVE
Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability
CVE
Juniper Junos OS Path Traversal Vulnerability
CVE
CVE-2026-33785
CVE
CVE-2025-59978
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.