PatchSiren cyber security CVE debrief
CVE-2023-36851 Juniper CVE debrief
CVE-2023-36851 is a Juniper Junos OS SRX Series vulnerability described as a missing authentication issue for a critical function. It was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on 2023-11-13, which makes it a high-priority item for defenders. The supplied official records do not include CVSS data or detailed affected-version scope, so the safest response is to treat exposed Juniper SRX environments as urgent review items and follow vendor mitigation guidance immediately.
- Vendor
- Juniper
- Product
- Junos OS
- CVSS
- Unknown
- CISA KEV
- Listed
- Original CVE published
- 2023-11-13
- Original CVE updated
- 2023-11-13
- Advisory published
- 2023-11-13
- Advisory updated
- 2023-11-13
Who should care
Security and network teams responsible for Juniper SRX appliances running Junos OS, especially organizations that expose management or security services on perimeter devices. Asset owners should also care if they depend on SRX devices for internet-facing or business-critical connectivity.
Technical summary
The available source corpus identifies the issue as a Junos OS SRX Series missing-authentication vulnerability affecting a critical function. CISA’s KEV listing confirms it is considered actively exploited or important enough for mandatory remediation timing. The official references provided are the CVE record, NVD entry, CISA KEV catalog, and a Juniper advisory link cited in the KEV notes. No CVSS score, version range, or exploit mechanism details were supplied in the corpus.
Defensive priority
High priority: this CVE is in CISA’s KEV catalog and should be addressed immediately, using vendor mitigations or by discontinuing use of the product if mitigations are unavailable.
Recommended defensive actions
- Inventory Juniper Junos OS SRX devices and determine whether any are exposed or business critical.
- Review the Juniper vendor advisory referenced by CISA and apply the recommended mitigations or updates as soon as possible.
- If mitigations are unavailable for a deployed device, follow CISA guidance and discontinue use of the product.
- Restrict administrative and management access to SRX devices while remediation is underway.
- Monitor Juniper and CISA advisories for any additional guidance or updates related to this CVE.
Evidence notes
Timing and prioritization are based on the supplied CVE publication date of 2023-11-13 and the CISA KEV metadata showing the same date added and a due date of 2023-11-17. The corpus supports only the high-level vulnerability description and KEV status; it does not provide CVSS scoring, affected versions, or technical exploit details. All statements here are limited to the supplied official records and metadata.
Official resources
-
CVE-2023-36851 CVE record
CVE.org
-
CVE-2023-36851 NVD detail
NVD
-
CISA Known Exploited Vulnerabilities catalog
CISA - Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
-
Source item URL
cisa_kev
Publicly disclosed and listed in CISA’s KEV catalog on 2023-11-13.