CVE-2023-36845 · CISA KEV: Actively Exploited

Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability

Published Nov 13, 2023 · Updated Nov 13, 2023

Description

Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an important environment variable. Using a crafted request that sets the variable PHPRC, an attacker is able to modify the PHP execution environment, allowing the injection and execution of code.

Public Exploits & PoCs (20 found)

PoC: CVE-2023-36845

Python script to check if Juniper Firewalls are vulnerable to CVE-2023-36845 - RCE

PoC: CVE-2023-36845

Juniper JunOS J-Web PHP external variable modification (CVE-2023-36845) exploit.

PoC: cve-2023-36845-scanner

A go-exploit to scan for Juniper firewalls vulnerable to CVE-2023-36845 (tags: cve-2023-36845, go-exploit)

PoC: CVE-2023-36845

Juniper Networks POC Understanding CVE-2023-36845 Remote Code Execution Exploit and Protection

PoC: CVE-2023-36845

CVE-2023-36845 – Unauthenticated Juniper Remote Code Execution Vulnerability Scanner

PoC: CVE-2023-36845

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code.

PoC: CVE-2023-36845

Juniper - Remote Code Execution (CVE-2023-36845) PreAuth-RCE Exploits

PoC: CVE-2023-36845-Juniper-Vulnerability

This Python script automates the Proof of Concept (PoC) for CVE-2023-36845, a vulnerability impacting Juniper Networks Junos OS on EX and SRX Series devices. The vulnerability resides in the J-Web component, allowing remote manipulation of the PHPRC variable, potentially leading to code injection.

PoC: CVE-2023-36845

CVES

PoC: CVE-2023-36845-6-

CVE-2023-36845 and CVE-2023-36846 Juniper Junos OS J-Web RCE

PoC: Juniper-CVE-2023-36845-Mass-Hunting

Juniper RCE (Remote Code Execution) CVE-2023-36845 is a vulnerability that has been identified within Juniper's software. This particular flaw allows for remote code execution, meaning an attacker could run arbitrary code on a system without needing physical access to the device.

PoC: Automation-for-Juniper-cve-2023-36845

Simple Automation script for juniper cve-2023-36845

PoC: Juniper-PoC-CVE-2023-36845

Proof of Concept and Vulnerability Detector for CVE-2023-36845

PoC: ansible-cve-2023-36845

Ansible Playbook for CVE-2023-36845 (Juniper Networks Junos OS remote code execution vulnerability)

PoC: ansible-cve-2023-36845

Ansible Playbook for CVE-2023-36845

PoC: CVE-2023-36845-POC

CVE-2023-36845 PoC script automates the PoC for CVE-2023-36845 targeting Juniper Networks Junos OS's J-Web component on EX and SRX Series devices. It exploits a PHP flaw, allowing remote modification of the PHPRC variable. Successful exploitation can lead to code injection and execution.

PoC: PoC-Vuln-Detector-juniper-cve-2023-36845

PoC & vulnerability detector for Juniper EX switches and SRX firewalls

PoC: CVE-2023-36845

Mass check CVE-2023-36845

PoC: CVE-2023-36845

PoC CVE-2023-36845 on Juniper Device

PoC: cve-2023-36845-scanner

A tool to discover Juniper firewalls vulnerable to CVE-2023-36845
