Cyber Resilience

CVE-2023-36844

MediumCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 17 August 2023

Published
17 August 2023
Modified
24 October 2025
KEV Added
13 November 2023
Patch
CVSS Score v3.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score 0.9422 99.9th percentile
Risk Priority 87 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-36844 is a medium-severity PHP External Variable Modification (CWE-473) vulnerability in Juniper Junos. Its CVSS base score is 5.3 (Medium).

Operationally, ranked in the top 0.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2023-36844 is a PHP External Variable Modification vulnerability in the J-Web interface of Juniper Networks Junos OS on EX Series switches. It enables an unauthenticated network attacker to control selected PHP environment variables through a crafted request, resulting in partial loss of integrity that may facilitate chaining with other issues. The flaw affects all versions prior to 20.4R3-S9 as well as multiple later trains up to 23.2R2, including 21.1R1 and subsequent releases before the listed fixed releases in each branch.

An unauthenticated attacker with network access can submit specially formed requests to alter important environment variables. This grants limited integrity impact without requiring credentials or user interaction, potentially serving as a stepping stone to further exploitation depending on the surrounding environment.

Juniper's advisory JSA72300 details the affected releases and corresponding fixes, while CISA has added the CVE to its Known Exploited Vulnerabilities catalog. Operators should upgrade to one of the fixed versions such as 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R3-S1, 22.4R3, or 23.2R2 and later.

Public exploit code referencing remote code execution on EX Series devices has been posted to Packet Storm, and the vulnerability maintains a high EPSS score near 0.94.

EU & UK References

Vulnerability details

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment…

more

variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.

CWE(s)
KEV Date Added
13 November 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

juniper
junos
20.4, 21.1, 21.2, 21.3, 21.4 · ≤ 20.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces that only authenticated and authorized subjects may modify PHP environment variables exposed by J-Web, blocking the unauthenticated crafted-request vector.

prevent

Requires validation of all input to J-Web so that externally supplied values cannot overwrite protected PHP environment variables.

prevent

Restricts network reachability of the J-Web interface to trusted management addresses, reducing the unauthenticated remote attack surface.

References