QID 150744
Date Published: 2023-11-17
QID 150744: Juniper Network Operating System (Junos OS) Remote Code Execution (RCE) Vulnerability (CVE-2023-36845)
Juniper Junos is the network operating system used in Juniper Networks hardware systems.
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control an important environment variable. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code.
These issues affect Juniper Networks Junos OS on SRX Series and EX Series:
All versions prior to 20.4R3-S9
21.1 version 21.1R1 and later versions
21.2 versions prior to 21.2R3-S7
21.3 versions prior to 21.3R3-S5
21.4 versions prior to 21.4R3-S5
22.1 versions prior to 22.1R3-S4
22.2 versions prior to 22.2R3-S2
22.3 versions prior to 22.3R2-S2, 22.3R3-S1
22.4 versions prior to 22.4R2-S1, 22.4R3
23.2 versions prior to 23.2R1-S1, 23.2R2
QID detection logic: (Unauthenticated)
This QID sends an HTTP POST request with a payload to access the server file /etc/passwd and, based on the response, confirms if the target is vulnerable.
Successful exploitation of the vulnerability may allow a remote attacker to execute arbitrary code.
supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US