CVE-2023-36844

🗓️ 17 Aug 2023 19:17:47Reported by juniperType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 468 Views

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities

Reporter	Title	Published	Views	Family All 34
0day.today	Juniper SRX Firewall / EX Switch Remote Code Execution Exploit	2 Oct 202300:00	–	zdt
GithubExploit	Exploit for PHP External Variable Modification in Juniper Junos	25 Aug 202307:28	–	githubexploit
GithubExploit	Exploit for PHP External Variable Modification in Juniper Junos	20 Sep 202302:32	–	githubexploit
Gitee	Exploit for PHP External Variable Modification in Juniper Junos	30 Apr 202410:13	–	gitee
ATTACKERKB	CVE-2023-36844	17 Aug 202300:00	–	attackerkb
ATTACKERKB	CVE-2023-36845	17 Aug 202300:00	–	attackerkb
BDU FSTEC	The vulnerability of the J-Web interface in Juniper Networks Junos OS-based SRX devices allows a hacker to execute arbitrary code.	23 Aug 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the J-Web interface in Juniper Networks Junos OS-based SRX and EX devices allows a attacker to compromise data integrity.	30 Aug 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the J-Web interface in Juniper Networks Junos OS-based SRX and EX devices allows a attacker to compromise data integrity.	30 Aug 202300:00	–	bdu_fstec
Circl	CVE-2023-36844	18 Aug 202300:37	–	circl

NVD

Vulners

Node

juniper junosRange<20.4

juniper junosMatch20.4-

juniper junosMatch20.4r1

juniper junosMatch20.4r1-s1

juniper junosMatch20.4r2

juniper junosMatch20.4r2-s1

juniper junosMatch20.4r2-s2

juniper junosMatch20.4r3

juniper junosMatch20.4r3-s1

juniper junosMatch20.4r3-s2

juniper junosMatch20.4r3-s3

juniper junosMatch20.4r3-s4

juniper junosMatch20.4r3-s5

juniper junosMatch20.4r3-s6

juniper junosMatch20.4r3-s7

juniper junosMatch20.4r3-s8

juniper junosMatch21.1r1

juniper junosMatch21.1r1-s1

juniper junosMatch21.1r2

juniper junosMatch21.1r2-s1

juniper junosMatch21.1r2-s2

juniper junosMatch21.1r3

juniper junosMatch21.1r3-s1

juniper junosMatch21.1r3-s2

juniper junosMatch21.1r3-s3

juniper junosMatch21.1r3-s4

juniper junosMatch21.1r3-s5

juniper junosMatch21.2-

juniper junosMatch21.2r1

juniper junosMatch21.2r1-s1

juniper junosMatch21.2r1-s2

juniper junosMatch21.2r2

juniper junosMatch21.2r2-s1

juniper junosMatch21.2r2-s2

juniper junosMatch21.2r3

juniper junosMatch21.2r3-s1

juniper junosMatch21.2r3-s2

juniper junosMatch21.2r3-s3

juniper junosMatch21.2r3-s4

juniper junosMatch21.2r3-s5

juniper junosMatch21.2r3-s6

juniper junosMatch21.3-

juniper junosMatch21.3r1

juniper junosMatch21.3r1-s1

juniper junosMatch21.3r1-s2

juniper junosMatch21.3r2

juniper junosMatch21.3r2-s1

juniper junosMatch21.3r2-s2

juniper junosMatch21.3r3

juniper junosMatch21.3r3-s1

juniper junosMatch21.3r3-s2

juniper junosMatch21.3r3-s3

juniper junosMatch21.3r3-s4

juniper junosMatch21.4-

juniper junosMatch21.4r1

juniper junosMatch21.4r1-s1

juniper junosMatch21.4r1-s2

juniper junosMatch21.4r2

juniper junosMatch21.4r2-s1

juniper junosMatch21.4r2-s2

juniper junosMatch21.4r3

juniper junosMatch21.4r3-s1

juniper junosMatch21.4r3-s2

juniper junosMatch21.4r3-s3

juniper junosMatch21.4r3-s4

juniper junosMatch22.1r1

juniper junosMatch22.1r1-s1

juniper junosMatch22.1r1-s2

juniper junosMatch22.1r2

juniper junosMatch22.1r2-s1

juniper junosMatch22.1r2-s2

juniper junosMatch22.1r3

juniper junosMatch22.1r3-s1

juniper junosMatch22.1r3-s2

juniper junosMatch22.1r3-s3

juniper junosMatch22.2r1

juniper junosMatch22.2r1-s1

juniper junosMatch22.2r1-s2

juniper junosMatch22.2r2

juniper junosMatch22.2r2-s1

juniper junosMatch22.2r2-s2

juniper junosMatch22.2r3

juniper junosMatch22.2r3-s1

juniper junosMatch22.3r1

juniper junosMatch22.3r1-s1

juniper junosMatch22.3r1-s2

juniper junosMatch22.3r2

juniper junosMatch22.3r2-s1

juniper junosMatch22.3r3

juniper junosMatch22.4r1

juniper junosMatch22.4r1-s1

juniper junosMatch22.4r1-s2

juniper junosMatch22.4r2

juniper junosMatch23.2r1

AND

juniper ex2200Match-

juniper ex2200-cMatch-

juniper ex2200-vcMatch-

juniper ex2300Match-

juniper ex2300-24mpMatch-

juniper ex2300-24pMatch-

juniper ex2300-24tMatch-

juniper ex2300-48mpMatch-

juniper ex2300-48pMatch-

juniper ex2300-48tMatch-

juniper ex2300-cMatch-

juniper ex2300mMatch-

juniper ex3200Match-

juniper ex3300Match-

juniper ex3300-vcMatch-

juniper ex3400Match-

juniper ex4200Match-

juniper ex4200-vcMatch-

juniper ex4300Match-

juniper ex4300-24pMatch-

juniper ex4300-24p-sMatch-

juniper ex4300-24tMatch-

juniper ex4300-24t-sMatch-

juniper ex4300-32fMatch-

juniper ex4300-32f-dcMatch-

juniper ex4300-32f-sMatch-

juniper ex4300-48mpMatch-

juniper ex4300-48mp-sMatch-

juniper ex4300-48pMatch-

juniper ex4300-48p-sMatch-

juniper ex4300-48tMatch-

juniper ex4300-48t-afiMatch-

juniper ex4300-48t-dcMatch-

juniper ex4300-48t-dc-afiMatch-

juniper ex4300-48t-sMatch-

juniper ex4300-48tafiMatch-

juniper ex4300-48tdcMatch-

juniper ex4300-48tdc-afiMatch-

juniper ex4300-mpMatch-

juniper ex4300-vcMatch-

juniper ex4300mMatch-

juniper ex4400Match-

juniper ex4500Match-

juniper ex4500-vcMatch-

juniper ex4550Match-

juniper ex4550-vcMatch-

juniper ex4550/vcMatch-

juniper ex4600Match-

juniper ex4600-vcMatch-

juniper ex4650Match-

juniper ex6200Match-

juniper ex6210Match-

juniper ex8200Match-

juniper ex8200-vcMatch-

juniper ex8208Match-

juniper ex8216Match-

juniper ex9200Match-

juniper ex9204Match-

juniper ex9208Match-

juniper ex9214Match-

juniper ex9250Match-

juniper ex9251Match-

juniper ex9253Match-

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "EX Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.4R3-S9",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.1*",
        "status": "affected",
        "version": "21.1",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R3-S6",
        "status": "affected",
        "version": "21.2",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3-S5",
        "status": "affected",
        "version": "21.3",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S5",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S4",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S2",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R3-S1",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R2-S2, 22.4R3",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      },
      {
        "lessThan": "23.2R1-S1, 23.2R2",
        "status": "affected",
        "version": "23.2",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/174865/Juniper-SRX-Firewall-EX-Switch-Remote-Code-Execution.html
supportportal	www.supportportal.juniper.net/JSA72300
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog