PatchSiren cyber security CVE debrief
CVE-2023-36847 Juniper CVE debrief
CVE-2023-36847 is a Juniper Junos OS EX Series vulnerability described as a missing authentication for a critical function issue. CISA added it to the Known Exploited Vulnerabilities catalog on 2023-11-13, which means defenders should treat it as actively abused and prioritize mitigation immediately. The official CISA guidance is to apply vendor mitigations or discontinue use of the product if mitigations are unavailable.
- Vendor
- Juniper
- Product
- Junos OS
- CVSS
- Unknown
- CISA KEV
- Listed
- Original CVE published
- 2023-11-13
- Original CVE updated
- 2023-11-13
- Advisory published
- 2023-11-13
- Advisory updated
- 2023-11-13
Who should care
Organizations running Juniper Junos OS on EX Series devices, especially teams responsible for network infrastructure, perimeter management, and device administration. Security operations teams should also care because the vulnerability is KEV-listed and has a CISA remediation deadline.
Technical summary
The issue is classified as a missing authentication vulnerability affecting a critical function in Juniper Junos OS EX Series. In practical defensive terms, the flaw indicates that a sensitive function may be reachable without the expected authentication controls. CISA’s KEV inclusion signals confirmed exploitation in the wild, so exposure should be treated as urgent even without a published CVSS score in the provided corpus.
Defensive priority
Urgent. This CVE is in CISA’s Known Exploited Vulnerabilities catalog with a due date of 2023-11-17, so remediation or compensating controls should be executed immediately.
Recommended defensive actions
- Identify all Juniper Junos OS EX Series devices in the environment and confirm whether they are exposed to the affected condition.
- Apply vendor-provided mitigations as directed by Juniper and CISA.
- If mitigations are not available or cannot be applied promptly, discontinue use of the affected product or isolate it from untrusted access.
- Restrict management-plane access to trusted administrative networks only.
- Monitor affected devices for unexpected administrative activity, configuration changes, or other signs of misuse.
- Validate that remediation was completed before the CISA due date and document any exceptions.
Evidence notes
All core facts are taken from the supplied CISA KEV source item and the official CVE/NVD records linked in the corpus. The KEV entry identifies the vendor as Juniper, the product as Junos OS, the vulnerability name as a Junos OS EX Series missing authentication for critical function issue, and lists dateAdded 2023-11-13 with dueDate 2023-11-17. No CVSS score was provided in the supplied data.
Official resources
-
CVE-2023-36847 CVE record
CVE.org
-
CVE-2023-36847 NVD detail
NVD
-
CISA Known Exploited Vulnerabilities catalog
CISA - Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
-
Source item URL
cisa_kev
Publicly disclosed in the supplied CVE and CISA KEV records on 2023-11-13.