A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NJuniper Ex2200
HWJuniperwszystkie wersjeJuniper Ex2200 C
HWJuniperwszystkie wersjeJuniper Ex2200 Vc
HWJuniperwszystkie wersjeJuniper Ex2300
HWJuniperwszystkie wersjeJuniper Ex2300 24mp
HWJuniperwszystkie wersjeJuniper Ex2300 24p
HWJuniperwszystkie wersjeJuniper Ex2300 24t
HWJuniperwszystkie wersjeJuniper Ex2300 48mp
HWJuniperwszystkie wersjeJuniper Ex2300 48p
HWJuniperwszystkie wersjeJuniper Ex2300 48t
HWJuniperwszystkie wersjeJuniper Ex2300 C
HWJuniperwszystkie wersjeJuniper Ex2300m
HWJuniperwszystkie wersjeJuniper Ex3200
HWJuniperwszystkie wersjeJuniper Ex3300
HWJuniperwszystkie wersjeJuniper Ex3300 Vc
HWJuniperwszystkie wersjeJuniper Ex3400
HWJuniperwszystkie wersjeJuniper Ex4200
HWJuniperwszystkie wersjeJuniper Ex4200 Vc
HWJuniperwszystkie wersjeJuniper Ex4300
HWJuniperwszystkie wersjeJuniper Ex4300 24p
HWJuniperwszystkie wersjeJuniper Ex4300 24p S
HWJuniperwszystkie wersjeJuniper Ex4300 24t
HWJuniperwszystkie wersjeJuniper Ex4300 24t S
HWJuniperwszystkie wersjeJuniper Ex4300 32f
HWJuniperwszystkie wersjeJuniper Ex4300 32f Dc
HWJuniperwszystkie wersjeJuniper Ex4300 32f S
HWJuniperwszystkie wersjeJuniper Ex4300 48mp
HWJuniperwszystkie wersjeJuniper Ex4300 48mp S
HWJuniperwszystkie wersjeJuniper Ex4300 48p
HWJuniperwszystkie wersjeJuniper Ex4300 48p S
HWJuniperwszystkie wersje
CISA KEV — detailsi
- Vendori
- Juniper
- Producti
- Junos OS
- Added to KEVi
- November 13, 2023
- Remediation deadline (US Federal)i
- November 17, 2023(overdue)
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables, leading to partial loss of integrity, which may allow chaining to other vulnerabilities.
Related vulnerabilities
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SR...
Out-of-bounds Write w J-Web Juniper Junos OS — RCE z uprawnieniami root
This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials ...
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unaut...
An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Rout...