CVE-2023-36845

NVD Published Date: August 17, 2023 at 08:15 PM
NVD Last Modified: June 27, 2024 at 02:42 PM
Download Patch
Vulnerability ID
CVE-2023-36845
Severity
CRITICAL
Severity Score
9.8
Summary
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE ID
NVD-CWE-Other

Recent Publish

CVE-2023-38035

CVE-2023-42793

CVE-2023-22515

CVE-2023-34048

CVE-2023-43208

CVE-2023-46747

See SecOps Solution
in action

Schedule Demo