1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Juniper Junos OS EX Series PHP External Variable Modification Vulnerability

Known Exploited Vulnerabilities CVE-2023-36844 Mappings

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2023-36844 Juniper Junos OS EX Series PHP External Variable Modification Vulnerability primary_impact T1190 Exploit Public-Facing Application
Comments
This vulnerability is exploited through a PHP External Variable Modification flaw in the J-Web component of Juniper Networks Junos OS on EX Series devices. Attackers first use this vulnerability to gain control over certain environment variables by sending a crafted request, which allows them to manipulate these variables without authentication.
References
  1. https://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls/
  2. https://www.twingate.com/blog/tips/cve-2023-36844
CVE-2023-36844 Juniper Junos OS EX Series PHP External Variable Modification Vulnerability exploitation_technique T1203 Exploitation for Client Execution
Comments
This vulnerability is exploited through a PHP External Variable Modification flaw in the J-Web component of Juniper Networks Junos OS on EX Series devices. Attackers first use this vulnerability to gain control over certain environment variables by sending a crafted request, which allows them to manipulate these variables without authentication.
References
  1. https://socradar.io/rapid-reset-ddos-attacks-rise-october-2023-patch-tuesday-has-arrived-cve-2023-36563-cve-2023-41763-cve-2023-44487/
  2. https://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls/
  3. https://www.twingate.com/blog/tips/cve-2023-36844