A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HJuniper Junos
OSJuniper20.421.121.221.321.422.122.222.322.423.2< 20.4Juniper Srx100
HWJuniperwszystkie wersjeJuniper Srx110
HWJuniperwszystkie wersjeJuniper Srx1400
HWJuniperwszystkie wersjeJuniper Srx1500
HWJuniperwszystkie wersjeJuniper Srx210
HWJuniperwszystkie wersjeJuniper Srx220
HWJuniperwszystkie wersjeJuniper Srx240
HWJuniperwszystkie wersjeJuniper Srx240h2
HWJuniperwszystkie wersjeJuniper Srx240m
HWJuniperwszystkie wersjeJuniper Srx300
HWJuniperwszystkie wersjeJuniper Srx320
HWJuniperwszystkie wersjeJuniper Srx340
HWJuniperwszystkie wersjeJuniper Srx3400
HWJuniperwszystkie wersjeJuniper Srx345
HWJuniperwszystkie wersjeJuniper Srx3600
HWJuniperwszystkie wersjeJuniper Srx380
HWJuniperwszystkie wersjeJuniper Srx4000
HWJuniperwszystkie wersjeJuniper Srx4100
HWJuniperwszystkie wersjeJuniper Srx4200
HWJuniperwszystkie wersjeJuniper Srx4600
HWJuniperwszystkie wersjeJuniper Srx5000
HWJuniperwszystkie wersjeJuniper Srx5400
HWJuniperwszystkie wersjeJuniper Srx550
HWJuniperwszystkie wersjeJuniper Srx550 Hm
HWJuniperwszystkie wersjeJuniper Srx550m
HWJuniperwszystkie wersjeJuniper Srx5600
HWJuniperwszystkie wersjeJuniper Srx5800
HWJuniperwszystkie wersjeJuniper Srx650
HWJuniperwszystkie wersje
CISA KEV — detailsi
- Vendori
- Juniper
- Producti
- Junos OS
- Added to KEVi
- November 13, 2023
- Remediation deadline (US Federal)i
- November 17, 2023(overdue)
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an important environment variable. Using a crafted request, which sets the variable PHPRC, an attacker is able to modify the PHP execution environment allowing the injection und execution of code.
Related vulnerabilities
Out-of-bounds Write w J-Web Juniper Junos OS — RCE z uprawnieniami root
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unaut...
This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials ...
An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Rout...
On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, proc...