CVE-2023-36845
This script provides an automated Proof of Concept (PoC) for CVE-2023-36845, a vulnerability affecting Juniper Networks Junos OS on EX and SRX Series devices. It exploits the J-Web component, allowing remote modification of the PHPRC variable and potential code injection.
Affected Versions:
- Junos OS versions susceptible to CVE-2023–36845:
- All versions prior to 20.4R3-S9
- 21.1R1 and later
- 21.2 versions prior to 21.2R3-S7
- 21.3 versions prior to 21.3R3-S5
- 21.4 versions prior to 21.4R3-S5
- 22.1 versions prior to 22.1R3-S4
- 22.2 versions prior to 22.2R3-S2
- 22.3 versions prior to 22.3R2-S2, 22.3R3-S1
- 22.4 versions prior to 22.4R2-S1, 22.4R3
- 23.2 versions prior to 23.2R1-S1, 23.2R2
Prerequisites
- Python 3.x
- Required Python library: requests==2.26.0
Installation
git clone https://github.com/0xNehru/CVE-2023-36845-Juniper-Vulnerability.git
cd CVE-2023-36845-Juniper-Vulnerability
Install required libraries:
pip install -r requirements.txt
Usage
python3 CVE-2023-36845-POC.py
Warning: Use responsibly with explicit permission. Unauthorized testing may have legal consequences.
Contributing: Pull requests welcome. For major changes, open an issue to discuss. Script designed to exploit multiple IPs concurrently.
Noted - This version includes instructions to save the target hosts' IP addresses in a hosts.txt file before running the script.