Skip to content

A PHP External Variable Modification vulnerability in J...

Critical severity Unreviewed Published Aug 17, 2023 to the GitHub Advisory Database • Updated Feb 11, 2024

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series

and SRX Series

allows an unauthenticated, network-based attacker to control certain, important environments variables.

Utilizing a crafted request an attacker is able to modify a certain PHP environment variable leading to partial loss of integrity, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on SRX Series:

  • All versions prior to 21.4R3-S5;
  • 22.1 versions

prior to

22.1R3-S4;

  • 22.2 versions

prior to

22.2R3-S2;

  • 22.3 versions

prior to

22.3R2-S2, 22.3R3-S1;

  • 22.4 versions

prior to

22.4R2-S1, 22.4R3;

  • 23.2 versions prior to 23.2R1-S1, 23.2R2.

References

Published by the National Vulnerability Database Aug 17, 2023
Published to the GitHub Advisory Database Aug 17, 2023
Last updated Feb 11, 2024

Severity

Critical

Weaknesses

CVE ID

CVE-2023-36845

GHSA ID

GHSA-q56g-qr28-qh57

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Checking history
See something to contribute? Suggest improvements for this vulnerability.