KEVIntel
Back to KEVs
9.8
CVSS
Critical

CVE-2023-36845

PUBLISHED

Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable

Exploited in the wild Remote Low complexity No user interaction
Vendor
Juniper Networks
Product
Junos OS
Published
Aug 17, 2023
EPSS

Description

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.

php windows cisa nuclei_scanner edge metasploit

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2023-11-13 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
Yes
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Nov 13, 2023

Scanner integrations

Scanner Reference Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/freebsd/http/junos_phprc_auto_prepend_file.rb Apr 28, 2025
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-36845.yaml Apr 25, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

junos_phprc_auto_prepend_file

metasploit · Created Unknown

Metasploit module for CVE-2023-36845

e11i0t4lders0n/CVE-2023-36845

github · Created 2024-02-18 15:37:58 UTC · 1 stars

CVE-2023-36845 – Unauthenticated Juniper Remote Code Execution Vulnerability Scanner

ifconfig-me/CVE-2023-36845

github · Created 2024-02-17 08:15:30 UTC · 0 stars

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code.

ak1t4/CVE-2023-36845

github · Created 2024-02-13 20:59:34 UTC · 5 stars

CVES

cyberh3als/CVE-2023-36845-POC

github · Created 2023-10-02 06:28:07 UTC · 2 stars

CVE-2023-36845 PoC script automates the PoC for CVE-2023-36845 targeting Juniper Networks Junos OS's J-Web component on EX and SRX Series devices. It exploits a PHP flaw, allowing remote modification of the PHPRC variable. Successful exploitation can lead to code injection and execution.

zaenhaxor/CVE-2023-36845

github · Created 2023-09-29 03:11:37 UTC · 3 stars

CVE-2023-36845 - Juniper Firewall Remote code execution (RCE)

kljunowsky/CVE-2023-36845

github · Created 2023-09-26 17:56:55 UTC · 51 stars

Juniper Firewalls CVE-2023-36845 - RCE

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Nuclei

  • Detected by Metasploit