CVE-2023-36844

MEDIUM KEV RANSOMWARE NUCLEI

Juniper Networks Junos OS on EX Series <20.4R3-S9 - PHP External Variable Modification

Title source: llm

Description

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on EX Series:

* All versions prior to 20.4R3-S9;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S7;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S5;
* 22.1 versions prior to 22.1R3-S4;
* 22.2 versions prior to 22.2R3-S2;
* 22.3 versions prior to 22.3R3-S1;
* 22.4 versions prior to 22.4R2-S2, 22.4R3;
* 23.2 versions prior to 23.2R1-S1, 23.2R2.

Exploits (3)

nomisec WORKING POC 114 stars
by watchtowrlabs · remote
https://github.com/watchtowrlabs/juniper-rce_cve-2023-36844
nomisec WORKING POC 5 stars
by r3dcl1ff · remote
https://github.com/r3dcl1ff/CVE-2023-36844_Juniper_RCE
nomisec WORKING POC
by ThatNotEasy · remote
https://github.com/ThatNotEasy/CVE-2023-36844

Nuclei Templates (1)

Juniper Devices - Remote Code Execution
MEDIUM VERIFIED by princechaddha, ritikchaddha
Shodan: title:"Juniper Web Device Manager"

Scores

CVSS v3 5.3
EPSS 0.9430
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CISA KEV 2023-11-13
VulnCheck KEV 2023-08-29
InTheWild.io 2023-11-08
ENISA EUVD EUVD-2023-40764
Ransomware Use Confirmed
CWE CWE-473
Status published
Products (4)
juniper/junos 20.4 (15 CPE variants)
juniper/junos 21.1 r1 (11 CPE variants)
juniper/junos 21.2 (14 CPE variants)
juniper/junos 21.3 (10 CPE variants)
Published Aug 17, 2023
KEV Added Nov 13, 2023
Tracked Since Feb 18, 2026