A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2023-08-17T19:17:47.904Z

Updated: 2024-08-02T17:01:09.911Z

Reserved: 2023-06-27T16:17:25.277Z

Link: CVE-2023-36844

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-08-17T20:15:10.267

Modified: 2024-11-21T08:10:43.983

Link: CVE-2023-36844

cve-icon Redhat

No data.