Lucene search
HistoryAug 17, 2023 - 8:15 p.m.
CVE-2023-36844
php
external variable modification
j-web
juniper networks
junos os
ex series
vulnerability
unauthenticated
network-based
environment variables
integrity loss
cve-2023-36844
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
5.6
Confidence
High
EPSS
0.445
Percentile
97.5%
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables.
Using a crafted request an attacker is able to modify
certain PHP environment variablesย leading to partial loss of integrity,ย which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on EX Series:
- All versions prior to 20.4R3-S9;
- 21.1 versions 21.1R1 and later;
- 21.2 versions prior to 21.2R3-S7;
- 21.3 versions
prior to
21.3R3-S5;
- 21.4 versions
prior to
21.4R3-S5;
- 22.1 versions
prior to
22.1R3-S4;
- 22.2 versions
prior to
22.2R3-S2;
- 22.3 versions
prior to 22.3R3-S1;
- 22.4 versions
prior to
22.4R2-S2, 22.4R3;
- 23.2 versions prior to
23.2R1-S1, 23.2R2.
Affected configurations
Node
juniperex2200Match-
ORjuniperex2200-cMatch-
ORjuniperex2200-vcMatch-
ORjuniperex2300Match-
ORjuniperex2300-24mpMatch-
ORjuniperex2300-24pMatch-
ORjuniperex2300-24tMatch-
ORjuniperex2300-48mpMatch-
ORjuniperex2300-48pMatch-
ORjuniperex2300-48tMatch-
ORjuniperex2300-cMatch-
ORjuniperex2300mMatch-
ORjuniperex3200Match-
ORjuniperex3300Match-
ORjuniperex3300-vcMatch-
ORjuniperex3400Match-
ORjuniperex4200Match-
ORjuniperex4200-vcMatch-
ORjuniperex4300Match-
ORjuniperex4300-24pMatch-
ORjuniperex4300-24p-sMatch-
ORjuniperex4300-24tMatch-
ORjuniperex4300-24t-sMatch-
ORjuniperex4300-32fMatch-
ORjuniperex4300-32f-dcMatch-
ORjuniperex4300-32f-sMatch-
ORjuniperex4300-48mpMatch-
ORjuniperex4300-48mp-sMatch-
ORjuniperex4300-48pMatch-
ORjuniperex4300-48p-sMatch-
ORjuniperex4300-48tMatch-
ORjuniperex4300-48t-afiMatch-
ORjuniperex4300-48t-dcMatch-
ORjuniperex4300-48t-dc-afiMatch-
ORjuniperex4300-48t-sMatch-
ORjuniperex4300-48tafiMatch-
ORjuniperex4300-48tdcMatch-
ORjuniperex4300-48tdc-afiMatch-
ORjuniperex4300-mpMatch-
ORjuniperex4300-vcMatch-
ORjuniperex4300mMatch-
ORjuniperex4400Match-
ORjuniperex4500Match-
ORjuniperex4500-vcMatch-
ORjuniperex4550Match-
ORjuniperex4550-vcMatch-
ORjuniperex4550\/vcMatch-
ORjuniperex4600Match-
ORjuniperex4600-vcMatch-
ORjuniperex4650Match-
ORjuniperex6200Match-
ORjuniperex6210Match-
ORjuniperex8200Match-
ORjuniperex8200-vcMatch-
ORjuniperex8208Match-
ORjuniperex8216Match-
ORjuniperex9200Match-
ORjuniperex9204Match-
ORjuniperex9208Match-
ORjuniperex9214Match-
ORjuniperex9250Match-
ORjuniperex9251Match-
ORjuniperex9253Match-
juniperjunosRange<20.4
ORjuniperjunosMatch20.4-
ORjuniperjunosMatch20.4r1
ORjuniperjunosMatch20.4r1-s1
ORjuniperjunosMatch20.4r2
ORjuniperjunosMatch20.4r2-s1
ORjuniperjunosMatch20.4r2-s2
ORjuniperjunosMatch20.4r3
ORjuniperjunosMatch20.4r3-s1
ORjuniperjunosMatch20.4r3-s2
ORjuniperjunosMatch20.4r3-s3
ORjuniperjunosMatch20.4r3-s4
ORjuniperjunosMatch20.4r3-s5
ORjuniperjunosMatch20.4r3-s6
ORjuniperjunosMatch20.4r3-s7
ORjuniperjunosMatch20.4r3-s8
ORjuniperjunosMatch21.1r1
ORjuniperjunosMatch21.1r1-s1
ORjuniperjunosMatch21.1r2
ORjuniperjunosMatch21.1r2-s1
ORjuniperjunosMatch21.1r2-s2
ORjuniperjunosMatch21.1r3
ORjuniperjunosMatch21.1r3-s1
ORjuniperjunosMatch21.1r3-s2
ORjuniperjunosMatch21.1r3-s3
ORjuniperjunosMatch21.1r3-s4
ORjuniperjunosMatch21.1r3-s5
ORjuniperjunosMatch21.2-
ORjuniperjunosMatch21.2r1
ORjuniperjunosMatch21.2r1-s1
ORjuniperjunosMatch21.2r1-s2
ORjuniperjunosMatch21.2r2
ORjuniperjunosMatch21.2r2-s1
ORjuniperjunosMatch21.2r2-s2
ORjuniperjunosMatch21.2r3
ORjuniperjunosMatch21.2r3-s1
ORjuniperjunosMatch21.2r3-s2
ORjuniperjunosMatch21.2r3-s3
ORjuniperjunosMatch21.2r3-s4
ORjuniperjunosMatch21.2r3-s5
ORjuniperjunosMatch21.2r3-s6
ORjuniperjunosMatch21.3-
ORjuniperjunosMatch21.3r1
ORjuniperjunosMatch21.3r1-s1
ORjuniperjunosMatch21.3r1-s2
ORjuniperjunosMatch21.3r2
ORjuniperjunosMatch21.3r2-s1
ORjuniperjunosMatch21.3r2-s2
ORjuniperjunosMatch21.3r3
ORjuniperjunosMatch21.3r3-s1
ORjuniperjunosMatch21.3r3-s2
ORjuniperjunosMatch21.3r3-s3
ORjuniperjunosMatch21.3r3-s4
ORjuniperjunosMatch21.4-
ORjuniperjunosMatch21.4r1
ORjuniperjunosMatch21.4r1-s1
ORjuniperjunosMatch21.4r1-s2
ORjuniperjunosMatch21.4r2
ORjuniperjunosMatch21.4r2-s1
ORjuniperjunosMatch21.4r2-s2
ORjuniperjunosMatch21.4r3
ORjuniperjunosMatch21.4r3-s1
ORjuniperjunosMatch21.4r3-s2
ORjuniperjunosMatch21.4r3-s3
ORjuniperjunosMatch21.4r3-s4
ORjuniperjunosMatch22.1r1
ORjuniperjunosMatch22.1r1-s1
ORjuniperjunosMatch22.1r1-s2
ORjuniperjunosMatch22.1r2
ORjuniperjunosMatch22.1r2-s1
ORjuniperjunosMatch22.1r2-s2
ORjuniperjunosMatch22.1r3
ORjuniperjunosMatch22.1r3-s1
ORjuniperjunosMatch22.1r3-s2
ORjuniperjunosMatch22.1r3-s3
ORjuniperjunosMatch22.2r1
ORjuniperjunosMatch22.2r1-s1
ORjuniperjunosMatch22.2r1-s2
ORjuniperjunosMatch22.2r2
ORjuniperjunosMatch22.2r2-s1
ORjuniperjunosMatch22.2r2-s2
ORjuniperjunosMatch22.2r3
ORjuniperjunosMatch22.2r3-s1
ORjuniperjunosMatch22.3r1
ORjuniperjunosMatch22.3r1-s1
ORjuniperjunosMatch22.3r1-s2
ORjuniperjunosMatch22.3r2
ORjuniperjunosMatch22.3r2-s1
ORjuniperjunosMatch22.3r3
ORjuniperjunosMatch22.4r1
ORjuniperjunosMatch22.4r1-s1
ORjuniperjunosMatch22.4r1-s2
ORjuniperjunosMatch22.4r2
ORjuniperjunosMatch22.4r2-s1
ORjuniperjunosMatch23.2r1
Related
prion
prion
Code injection
2023-08-17 20:15:00
nessus
nessus
Juniper Junos OS Pre-Auth RCE (JSA72300)
2023-12-08 00:00:00
Juniper Junos OS Pre-Auth RCE (JSA72300)
2023-08-25 00:00:00
cisa_kev
cisa_kev
Juniper Junos OS EX Series PHP External Variable Modification Vulnerability
2023-11-13 00:00:00
cve
cve
CVE-2023-36844
2023-08-17 20:15:10
cvelist
cvelist
attackerkb
attackerkb
CVE-2023-36845
2023-08-17 00:00:00
CVE-2023-36844
2023-08-17 00:00:00
metasploit
metasploit
Junos OS PHPRC Environment Variable Manipulation RCE
2023-09-20 20:47:05
zdt
zdt
Juniper SRX Firewall / EX Switch Remote Code Execution Exploit
2023-10-02 00:00:00
packetstorm
packetstorm
Juniper SRX Firewall / EX Switch Remote Code Execution
2023-10-02 00:00:00
nuclei
nuclei
Juniper J-Web - Remote Code Execution
2023-09-19 01:54:05
Juniper Devices - Remote Code Execution
2023-08-26 07:36:41
githubexploit
githubexploit
Exploit for PHP External Variable Modification in Juniper Junos
2023-09-20 02:32:56
Exploit for PHP External Variable Modification in Juniper Junos
2023-08-25 07:28:06
Exploit for PHP External Variable Modification in Juniper Junos
2023-09-24 13:30:09
thn
thn
rapid7blog
rapid7blog
Exploitation of Juniper Networks SRX Series and EX Series Devices
2023-08-31 20:23:59
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
5.6
Confidence
High
EPSS
0.445
Percentile
97.5%
Related for NVD:CVE-2023-36844