CVE-2023-36845 Information

Description

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated network-based attacker to control certain important environment variables.

Utilizing a crafted request, an attacker is able to modify a certain PHP environment variable, leading to partial loss of integrity, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on SRX Series:

All versions prior to 21.4R3-S5;
22.1 versions prior to 22.1R3-S4;
22.2 versions prior to 22.2R3-S2;
22.3 versions prior to 22.3R2-S2, 22.3R3-S1;
22.4 versions prior to 22.4R2-S1, 22.4R3;
23.2 versions prior to 23.2R1-S1, 23.2R2.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Reference

https://supportportal.juniper.net/JSA72300

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.3

Base Severity

MEDIUM
