CVE-2023-36847 is a vulnerability classified under CWE-306 (Missing Authentication for Critical Function) affecting Juniper Networks Junos OS running on EX Series switches. The flaw exists in the J-Web management interface, specifically in the installAppPackage.php endpoint, which does not require authentication. This allows an unauthenticated attacker with network access to upload arbitrary files to the device. The consequence is a loss of integrity in parts of the file system, which could be leveraged to chain additional exploits or cause operational disruptions. The vulnerability spans multiple Junos OS versions, including all versions prior to 20.4R3-S8 and various releases in the 21.x and 22.x series up to 22.4R2-S1 and 22.4R3. The CVSS 3.1 base score is 5.3, reflecting medium severity with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact is limited to integrity loss without direct confidentiality or availability impact. No public exploits have been reported yet, but the potential for file system manipulation makes this a concern for network administrators. Juniper’s EX Series switches are widely used in enterprise and service provider networks, making this vulnerability relevant for critical infrastructure protection.

For European organizations, exploitation of this vulnerability could compromise the integrity of network infrastructure devices, potentially allowing attackers to upload malicious files that disrupt switch operation or facilitate further attacks such as privilege escalation or persistent backdoors. This could lead to network outages, degraded performance, or unauthorized network control. Critical sectors such as telecommunications, finance, government, and energy that rely on Juniper EX Series switches for core networking could experience operational disruptions and data integrity issues. The lack of authentication requirement and network-based attack vector increase the risk, especially in environments where J-Web interfaces are exposed or insufficiently segmented. Although availability and confidentiality impacts are not directly indicated, the integrity compromise could cascade into broader security incidents. The medium severity rating suggests a moderate but non-trivial risk that requires prompt attention to avoid exploitation.

1. Immediately upgrade affected Junos OS versions to the fixed releases specified by Juniper Networks (e.g., 20.4R3-S8 or later, 21.2R3-S6 or later, 22.4R2-S1 or later). 2. Restrict access to the J-Web management interface to trusted networks only, ideally via VPN or dedicated management VLANs. 3. Implement network segmentation and firewall rules to limit exposure of management interfaces to untrusted sources. 4. Monitor network traffic for unusual requests to installAppPackage.php or other suspicious activity targeting the J-Web interface. 5. Employ intrusion detection/prevention systems (IDS/IPS) with signatures for this vulnerability once available. 6. Conduct regular audits of device configurations and file system integrity to detect unauthorized changes. 7. Educate network administrators on the risks of exposing management interfaces and enforce strong access controls. 8. Maintain an up-to-date inventory of Juniper EX Series devices and their software versions to prioritize patching efforts.