CVE-2023-36845
Last modified
CVE-2023-36845 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.. CISA has confirmed active exploitation in the wild. EPSS estimates a 93.55% chance of exploitation in the next 30 days.
Description
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Status
This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Juniper | Junos | < 20.4 | — |
| Juniper | Junos | 20.4 | — |
| Juniper | Junos | 21.1 | R1 |
| Juniper | Junos | 21.2 | — |
| Juniper | Junos | 21.3 | — |
| Juniper | Junos | 21.4 | — |
| Juniper | Junos | 22.1 | R1 |
| Juniper | Junos | 22.2 | R1 |
| Juniper | Junos | 22.3 | R1 |
| Juniper | Junos | 22.4 | R1 |
| Juniper | Junos | 23.2 | R1 |
References
- http://packetstormsecurity.com/files/174865/Juniper-SRX-Firewall-EX-Switch-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
- http://packetstormsecurity.com/files/176969/Juniper-SRX-Firewall-EX-Switch-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
- https://supportportal.juniper.net/JSA72300Vendor Advisory
- http://packetstormsecurity.com/files/174865/Juniper-SRX-Firewall-EX-Switch-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
- http://packetstormsecurity.com/files/176969/Juniper-SRX-Firewall-EX-Switch-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
- https://supportportal.juniper.net/JSA72300Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36845US Government Resource
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2023-36845?
How severe is CVE-2023-36845?
How do I fix CVE-2023-36845?
Are you affected by CVE-2023-36845?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST