A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Nov. 13, 2023.

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Juniper
  • Junos
  • Srx100
  • Srx110
  • Srx1400
  • Srx1500
  • Srx210
  • Srx220
  • Srx240
  • Srx240h2
  • Srx240m
  • Srx300
  • Srx320
  • Srx340
  • Srx3400
  • Srx345
  • Srx3600
  • Srx380
  • Srx4000
  • Srx4100
  • Srx4200
  • Srx4600
  • Srx5000
  • Srx5400
  • Srx550
  • Srx550 Hm
  • Srx550m
  • Srx5600
  • Srx5800
  • Srx650

Configuration 1 [-]

AND
OR cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.4:r3-s8:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.1:r3-s5:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.2:r3-s6:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.1:r3-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*
OR cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx240h2:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx240m:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4000:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5000:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx550_hm:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx550m:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*

No data.

References
Link Providers
http://packetstormsecurity.com/files/174865/Juniper-SRX-Firewall-EX-Switch-Remote-Code-Execution.html cve-icon cve-icon
http://packetstormsecurity.com/files/176969/Juniper-SRX-Firewall-EX-Switch-Remote-Code-Execution.html cve-icon cve-icon
https://supportportal.juniper.net/JSA72300 cve-icon cve-icon
History

Thu, 13 Feb 2025 17:00:00 +0000

Type Values Removed Values Added
Description A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2. A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.

Mon, 03 Feb 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2023-11-13'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 27 Jan 2025 22:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:h:juniper:ex2200-c:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex2200-vc:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex2200:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex2300-24mp:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex2300-24p:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex2300-24t:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex2300-48mp:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex2300-48p:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex2300-48t:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex2300m:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex3200:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex3300-vc:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex3300:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4200-vc:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4200:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-24p-s:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-24p:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-24t-s:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-24t:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-32f-dc:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-32f-s:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-32f:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-48mp-s:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-48mp:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-48p-s:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-48p:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-48t-afi:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-48t-dc-afi:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-48t-dc:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-48t-s:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-48t:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-48tafi:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-48tdc-afi:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-48tdc:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-mp:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300-vc:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4300m:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4500-vc:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4500:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4550-vc:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4550:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4550\/vc:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4600-vc:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex6200:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex6210:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex8200-vc:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex8200:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex8208:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex8216:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex9200:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex9204:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex9208:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex9214:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex9250:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex9251:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:ex9253:-:*:*:*:*:*:*:*
Vendors & Products Juniper ex2200
Juniper ex2200-c
Juniper ex2200-vc
Juniper ex2300
Juniper ex2300-24mp
Juniper ex2300-24p
Juniper ex2300-24t
Juniper ex2300-48mp
Juniper ex2300-48p
Juniper ex2300-48t
Juniper ex2300-c
Juniper ex2300m
Juniper ex3200
Juniper ex3300
Juniper ex3300-vc
Juniper ex3400
Juniper ex4200
Juniper ex4200-vc
Juniper ex4300
Juniper ex4300-24p
Juniper ex4300-24p-s
Juniper ex4300-24t
Juniper ex4300-24t-s
Juniper ex4300-32f
Juniper ex4300-32f-dc
Juniper ex4300-32f-s
Juniper ex4300-48mp
Juniper ex4300-48mp-s
Juniper ex4300-48p
Juniper ex4300-48p-s
Juniper ex4300-48t
Juniper ex4300-48t-afi
Juniper ex4300-48t-dc
Juniper ex4300-48t-dc-afi
Juniper ex4300-48t-s
Juniper ex4300-48tafi
Juniper ex4300-48tdc
Juniper ex4300-48tdc-afi
Juniper ex4300-mp
Juniper ex4300-vc
Juniper ex4300m
Juniper ex4400
Juniper ex4500
Juniper ex4500-vc
Juniper ex4550
Juniper ex4550-vc
Juniper ex4550\/vc
Juniper ex4600
Juniper ex4600-vc
Juniper ex4650
Juniper ex6200
Juniper ex6210
Juniper ex8200
Juniper ex8200-vc
Juniper ex8208
Juniper ex8216
Juniper ex9200
Juniper ex9204
Juniper ex9208
Juniper ex9214
Juniper ex9250
Juniper ex9251
Juniper ex9253
cve-icon MITRE

Status: PUBLISHED

Assigner: juniper

Published:

Updated: 2025-02-13T16:56:28.897Z

Reserved: 2023-06-27T16:17:25.277Z

Link: CVE-2023-36845

cve-icon Vulnrichment

Updated: 2024-08-02T17:01:09.559Z

cve-icon NVD

Status : Modified

Published: 2023-08-17T20:15:10.360

Modified: 2025-02-13T17:16:43.583

Link: CVE-2023-36845

cve-icon Redhat

No data.