A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2023-08-17T19:17:57.183Z

Updated: 2024-08-02T17:01:09.559Z

Reserved: 2023-06-27T16:17:25.277Z

Link: CVE-2023-36845

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-08-17T20:15:10.360

Modified: 2024-11-21T08:10:44.177

Link: CVE-2023-36845

cve-icon Redhat

No data.