{"UnAuthenticated Remote Code Execution Vulnerability in Juniper Networks Junos OS"}
CVE-2023-36845

9.8CRITICAL

Key Information:

Vendor: Juniper Networks
Status: Junos Os
Vendor: CVE Published:; 17 August 2023

Badges

💰 Ransomware👾 Exploit Exists🟡 Public PoC🟣 EPSS 85%🦅 CISA Reported📰 News Worthy

Summary

A vulnerability in Juniper Networks Junos OS affects the EX Series and SRX Series products by allowing an unauthenticated, network-based attacker to remotely execute code. By sending a crafted request that alters the PHPRC variable, an attacker can modify the PHP execution environment, leading to unauthorized code injection and execution. Users of affected versions should prioritize mitigating this issue to protect their systems from potential exploitation.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Junos OS EX Series 0 < 20.4R3-S9

Junos OS EX Series 21.1 < 21.1*

Junos OS EX Series 21.2 < 21.2R3-S7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

cve-2023-36845-scanner
Created by vulncheck-oss

CVE-2023-36845
Created by kljunowsky

Automation-for-Juniper-cve-2023-36845
Created by Asbawy