CVE-2023-36845

CVE Published	2023-08-17
Related CWE(s)	CWE-473: PHP External Variable Modification
Related Vendor(s)	juniper
Related Product(s)	junos
Exploitation Reported (CISA KEV)	2023-11-13
CVSS 3 Base Score	9.8 (CRITICAL)
CVSS 3 Attack Complexity	LOW
CVSS 3 Attack Vector	NETWORK

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series

and SRX Series

allows an unauthenticated, network-based attacker to remotely execute code.

Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code.

This issue affects Juniper Networks Junos OS on EX Series

and

SRX Series:

All versions prior to

20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions

prior to

22.1R3-S4; * 22.2 versions

prior to

22.2R3-S2; * 22.3 versions

prior to

22.3R2-S2, 22.3R3-S1; * 22.4 versions

prior to

22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.

Cyber Threat Graph Context

Explore how this CVE relates to the wider threat graph

Associated CAPEC Patterns

Manipulating User-Controlled Variables (CAPEC-77)

This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.

References

CVE-2023-36845

Cyber Threat Graph Context

Associated CAPEC Patterns

Manipulating User-Controlled Variables (CAPEC-77)

References

CVE.org

NIST National Vulnerability Database

CISA Known Exploited Vulnerabilities