⚠ Actively exploited
Added to CISA KEV on 2023-11-13. Federal agencies required to patch by 2023-11-17. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2023-36845 (Juniper RCE): PHP External Variable Modification in Juniper Networks Junos OS

Severity: 9.8 CRITICAL (NVD)
EPSS: 94.4% (top 0.04%)
CISA KEV: added 2023-11-13, due 2023-11-17
Exploit: exploited in the wild; active exploitation observed
Timeline:
  Published: 2023-08-17
  KEV added: 2023-11-13
  KEV due: 2023-11-17
  Latest update: Oct 9
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC, an attacker is able to modify the PHP execution environment, allowing the injection and execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

Source      Package                     Versions
CVEListV5   juniper_networks/junos_os   21.1 (21.1*), +9 more
NVD         juniper/junos               < 20.4, +10 more
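The description above gives one concrete boundary, "all versions prior to 20.4R3-S9", and the rest of its version list is cut off on this page. Junos version strings do not sort correctly as plain text (as strings, 20.4R3-S10 sorts before 20.4R3-S9), so a fleet check needs a real parser. The following is an added Python example, not Juniper's or cvebase's code. It encodes only the 20.4R3-S9 boundary stated here; releases in later trains are reported as "check-advisory" rather than guessed at, and the inventory it runs over is constructed.

```python
"""Compare Junos OS version strings against the CVE-2023-36845 fix boundary
stated on this page ("all versions prior to 20.4R3-S9").

Added example; not Juniper's or cvebase's code. The affected-version list on
this page is truncated after "21.1 versions 21.1R1 and", so releases in later
trains are reported as "check-advisory" rather than guessed at.
"""
import re

# Junos release format: <major>.<minor>R<release>[-S<service>][.<build>]
# e.g. 20.4R3-S9, 21.1R1, 22.1R1-S2.2. Other forms (e.g. 15.1X49-D170 or
# EVO builds) are rejected rather than silently mis-ordered.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.(\d+))?$")


def parse_junos_version(text):
    """Return a sortable tuple (major, minor, R, S, build); missing parts are 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported Junos version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


# The only fix boundary the page states verbatim.
FIRST_FIXED_20_4 = parse_junos_version("20.4R3-S9")


def assess(version_text):
    """Classify a device version against the boundary stated on this page."""
    v = parse_junos_version(version_text)
    if v < FIRST_FIXED_20_4:
        return "affected"        # "All versions prior to 20.4R3-S9"
    if v[:2] == (20, 4):
        return "fixed"           # 20.4R3-S9 or later within the 20.4 train
    return "check-advisory"      # 21.1 and later: list is truncated on this page


def assess_inventory(inventory):
    """inventory: iterable of (hostname, version) pairs -> {hostname: status}."""
    return {host: assess(ver) for host, ver in inventory}


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = [
        ("srx-edge-1", "20.4R3-S8"),
        ("ex-core-1", "20.4R3-S10"),
        ("ex-access-7", "19.4R3-S5"),
        ("srx-dc-2", "21.1R1"),
    ]
    # Shows why plain string comparison is wrong for these strings.
    print("string compare says 20.4R3-S10 < 20.4R3-S9:",
          "20.4R3-S10" < "20.4R3-S9")
    for host, status in assess_inventory(sample).items():
        print(f"{host:12} {status}")
```

Treat "check-advisory" as a to-do, not a pass: the page's own affected-package rows show the 21.1 train listed as affected, so anything above 20.4 must be resolved against the full vendor advisory before it is marked clean.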

🔴 Vulnerability Details (3)

CVEList: Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control an important environment variable (2023-08-17)
GHSA: GHSA-q56g-qr28-qh57: A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, netw (2023-08-17)
VulnCheck: Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability (2023)

💥 Exploits & PoCs (3)

Exploit-DB: Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC) (2024-02-02)
Nuclei: Juniper J-Web - Remote Code Execution
Nuclei: Juniper Devices - Remote Code Execution

🔍 Detection Rules (2)

Suricata: ET EXPLOIT Junos OS - Unauthenticated PHPRC Environmental Variable Modification M2 (CVE-2023-36844 CVE-2023-36845) (2023-09-01)
Suricata: ET EXPLOIT Junos OS - Unauthenticated PHPRC Environmental Variable Modification M1 (CVE-2023-36844 CVE-2023-36845) (2023-09-01)
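The description says the attacker's crafted request sets the PHPRC variable, and the two Suricata rules above match that pattern live on the wire. PHPRC is the variable PHP consults for the location of its php.ini, so controlling it lets a request point the interpreter at attacker-chosen settings. The following is an added Python example, not Emerging Threats', Juniper's or cvebase's code, that applies the same check retrospectively to Common Log Format access lines from a proxy or capture in front of the device. The log lines are constructed; LOG_RE assumes CLF and needs adapting for other log shapes, and because CLF records only the request line, a PHPRC carried in a POST body is visible only to a sensor that inspects bodies.

```python
"""Flag HTTP requests that try to set PHP's PHPRC environment variable
through the request, the pattern the ET Suricata rules above match live.

Added example for this page, not Emerging Threats', Juniper's or cvebase's
code. Runs over Common Log Format access lines; adapt LOG_RE for other logs.
"""
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines, not real traffic; 203.0.113.0/24 and
# 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Sep/2023:11:02:13 +0000] "GET /?PHPRC=/tmp/attacker.ini HTTP/1.1" 200 5123
198.51.100.9 - - [10/Sep/2023:11:02:20 +0000] "GET /webui/login.php HTTP/1.1" 200 2211
203.0.113.7 - - [10/Sep/2023:11:02:25 +0000] "POST /?PHPRC=%2Ftmp%2Fx HTTP/1.1" 200 401
198.51.100.9 - - [10/Sep/2023:11:03:01 +0000] "GET /?PHPRC_ok=1 HTTP/1.1" 404 0
203.0.113.7 - - [10/Sep/2023:11:03:40 +0000] "GET /?%2550HPRC=/tmp/y HTTP/1.1" 200 5123
"""

# Common Log Format: src ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def phprc_params(target):
    """Values of every query parameter whose fully decoded name is PHPRC."""
    query = urlsplit(target).query
    values = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl percent-decodes once; unquote again so a double-encoded
        # name such as %2550HPRC (-> %50HPRC -> PHPRC) is not missed.
        if unquote(name).strip() == "PHPRC":
            values.append(value)
    return values


def find_phprc_requests(log_text):
    """Parse CLF lines and return one record per request that sets PHPRC."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess at its shape
        for value in phprc_params(m.group("target")):
            hits.append({
                "src": m.group("src"),
                "ts": m.group("ts"),
                "method": m.group("method"),
                "status": int(m.group("status")),
                "phprc": value,
                "target": m.group("target"),
            })
    return hits


if __name__ == "__main__":
    for h in find_phprc_requests(SAMPLE_LOG):
        print(f'{h["ts"]} {h["src"]} {h["method"]} '
              f'PHPRC={h["phprc"]!r} status={h["status"]}')
```

A hit is worth an alert on its own: no ordinary J-Web request has a reason to name PHPRC, and the status code says nothing about whether the attempt worked. The response to a hit is the page's own guidance, which is to apply the vendor's mitigations or take the product out of service, not to tune the rule.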

📋 Vendor Advisories (2)

CISA: Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability (2023-11-13)
Juniper: CVE-2023-36845: A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, ne (2023-08-17)

🕵️ Threat Intelligence (2)

Bleepingcomputer: CISA warns of actively exploited Juniper pre-auth RCE exploit chain (2023-11-13)
Bleepingcomputer: Thousands of Juniper devices vulnerable to unauthenticated RCE flaw (2023-09-18)

📄 Research Papers (1)

CTF: Lyra's Tavern - Easy / README (2025)

💬 Community (1)

HackerOne: Remote code execution [CVE-2023-36845] (2024-10-09)
CVE-2023-36845 — Juniper RCE | cvebase