CVE-2023-36845

Summary

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series

and SRX Series

allows an unauthenticated, network-based attacker to remotely execute code.

Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code.

This issue affects Juniper Networks Junos OS on EX Series

and

SRX Series:

  • All versions prior to

20.4R3-S9;

  • 21.1 versions 21.1R1 and later;
  • 21.2 versions prior to 21.2R3-S7;
  • 21.3 versions prior to 21.3R3-S5;
  • 21.4 versions prior to 21.4R3-S5;
  • 22.1 versions

prior to

22.1R3-S4;

  • 22.2 versions

prior to

22.2R3-S2;

  • 22.3 versions

prior to

22.3R2-S2, 22.3R3-S1;

  • 22.4 versions

prior to

22.4R2-S1, 22.4R3;

  • 23.2 versions prior to 23.2R1-S1, 23.2R2.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS0 < 20.4R3-S9affected
Juniper NetworksJunos OS21.1 < 21.1*affected
Juniper NetworksJunos OS21.2 < 21.2R3-S7affected
Juniper NetworksJunos OS21.3 < 21.3R3-S5affected
Juniper NetworksJunos OS21.4 < 21.4R3-S5affected
Juniper NetworksJunos OS22.1 < 22.1R3-S4affected
Juniper NetworksJunos OS22.2 < 22.2R3-S2affected
Juniper NetworksJunos OS22.3 < 22.3R2-S2, 22.3R3-S1affected
Juniper NetworksJunos OS22.4 < 22.4R2-S1, 22.4R3affected
Juniper NetworksJunos OS23,2 < 23.2R1-S1, 23.2R2affected

Weaknesses

  • CWE-473: CWE-473 PHP External Variable Modification

Workarounds

Disable J-Web, or limit access to only trusted hosts.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References