Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-36845

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.

Published

2023-08-17T20:15:10.360

Last Modified

2025-03-10T20:31:09.807

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-473
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	juniper	junos	< 20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	20.4	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.1	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.2	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.3	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	21.4	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.1	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.2	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.3	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	22.4	Yes
Operating System	juniper	junos	23.2	Yes
Hardware	juniper	srx100	-	No
Hardware	juniper	srx110	-	No
Hardware	juniper	srx1400	-	No
Hardware	juniper	srx1500	-	No
Hardware	juniper	srx210	-	No
Hardware	juniper	srx220	-	No
Hardware	juniper	srx240	-	No
Hardware	juniper	srx240h2	-	No
Hardware	juniper	srx240m	-	No
Hardware	juniper	srx300	-	No
Hardware	juniper	srx320	-	No
Hardware	juniper	srx340	-	No
Hardware	juniper	srx3400	-	No
Hardware	juniper	srx345	-	No
Hardware	juniper	srx3600	-	No
Hardware	juniper	srx380	-	No
Hardware	juniper	srx4000	-	No
Hardware	juniper	srx4100	-	No
Hardware	juniper	srx4200	-	No
Hardware	juniper	srx4600	-	No
Hardware	juniper	srx5000	-	No
Hardware	juniper	srx5400	-	No
Hardware	juniper	srx550	-	No
Hardware	juniper	srx550_hm	-	No
Hardware	juniper	srx550m	-	No
Hardware	juniper	srx5600	-	No
Hardware	juniper	srx5800	-	No
Hardware	juniper	srx650	-	No

References

http://packetstormsecurity.com/files/174865/Juniper-SRX-Firewall-EX-Switch-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry ([email protected])
http://packetstormsecurity.com/files/176969/Juniper-SRX-Firewall-EX-Switch-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry ([email protected])
https://supportportal.juniper.net/JSA72300 Vendor Advisory ([email protected])
http://packetstormsecurity.com/files/174865/Juniper-SRX-Firewall-EX-Switch-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/176969/Juniper-SRX-Firewall-EX-Switch-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://supportportal.juniper.net/JSA72300 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)