Cyber Resilience

CVE-2023-36845

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 17 August 2023
Modified: 24 October 2025
KEV Added: 13 November 2023
Patch
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9435 (100.0th percentile)
Risk Priority: 96 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-36845 is a critical-severity PHP External Variable Modification (CWE-473) vulnerability in Juniper Junos. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.0% of CVEs by EPSS exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2023-36845 is a PHP External Variable Modification vulnerability in the J-Web interface of Juniper Networks Junos OS on EX Series and SRX Series platforms. An unauthenticated network attacker can supply a crafted request that sets the PHPRC variable, altering the PHP execution environment so that arbitrary code can be injected and executed. The flaw affects all versions prior to 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S2, 22.3R2-S2/22.3R3-S1, 22.4R2-S1/22.4R3, and 23.2R1-S1/23.2R2, as well as every 21.1 release from 21.1R1 onward, for which no fixed release is listed.

An unauthenticated remote attacker can exploit the issue over the network to achieve full remote code execution with no user interaction or credentials required, corresponding to the CVSS 9.8 rating.

The official Juniper advisory JSA72300 directs customers to install the fixed releases enumerated above; no other workarounds are specified in the reference materials.

Public exploit code for the vulnerability has been posted to Packet Storm, and the EPSS score has reached a peak of 0.9719 with a current value of 0.9435, indicating sustained exploitation interest after disclosure.


Vulnerability details

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection and execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series:

* All versions prior to 20.4R3-S9;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S7;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S5;
* 22.1 versions prior to 22.1R3-S4;
* 22.2 versions prior to 22.2R3-S2;
* 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;
* 22.4 versions prior to 22.4R2-S1, 22.4R3;
* 23.2 versions prior to 23.2R1-S1, 23.2R2.
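The affected-version ranges in the "Deeper analysis" section and in the advisory text above are easy to misread by hand (the 21.1 train has no fix at all, and 22.3, 22.4 and 23.2 each have two fixed releases). As an added example that is not part of this page's record or of Juniper's advisory, the Python below parses Junos release strings and tests them against exactly those ranges so an inventory can be triaged; the hostnames and versions in the sample inventory are constructed, and trains the advisory does not enumerate (for example 23.4) are treated as not affected.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed releases per Junos train, taken from the advisory text quoted on this page,
# as (R, S) pairs. None: no fixed release is listed (21.1R1 and later are all affected).
FIXED_RELEASES: Dict[Tuple[int, int], Optional[List[Tuple[int, int]]]] = {
    (20, 4): [(3, 9)], (21, 1): None, (21, 2): [(3, 7)], (21, 3): [(3, 5)],
    (21, 4): [(3, 5)], (22, 1): [(3, 4)], (22, 2): [(3, 2)],
    (22, 3): [(2, 2), (3, 1)], (22, 4): [(2, 1), (3, 0)], (23, 2): [(1, 1), (2, 0)],
}
# Junos release strings look like 21.4R3-S5.4: train MAJOR.MINOR, release R, service S.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?", re.IGNORECASE)

def parse_junos_version(version: str) -> Tuple[int, int, int, int]:
    """Return (major, minor, R, S) for a Junos version string; S defaults to 0."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, r, s = m.groups()
    return int(major), int(minor), int(r), int(s or 0)

def is_affected(version: str) -> bool:
    """True if this release falls inside the advisory's affected ranges."""
    major, minor, r, s = parse_junos_version(version)
    train = (major, minor)
    if train < (20, 4):
        return True                      # "All versions prior to 20.4R3-S9"
    if train not in FIXED_RELEASES:
        return False                     # train not enumerated by the advisory
    fixes = FIXED_RELEASES[train]
    if fixes is None:
        return True                      # "21.1 versions 21.1R1 and later"
    for fix_r, fix_s in fixes:
        if r == fix_r:
            return s < fix_s             # same R release: compare service release
    # R not listed: older than the first fixed R is affected, newer is fixed
    return r < min(fix_r for fix_r, _ in fixes)

def unpatched_hosts(inventory: Dict[str, str]) -> List[str]:
    """Hostnames whose running release is still affected (sorted)."""
    return sorted(h for h, v in inventory.items() if is_affected(v))

# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = {
    "srx-edge-01": "22.3R2-S1.3", "ex-access-07": "20.4R3-S9.2",
    "srx-dc-02": "21.1R3-S5", "ex-core-01": "23.2R2", "srx-branch-09": "19.4R3-S7",
}
if __name__ == "__main__":
    print(unpatched_hosts(SAMPLE_INVENTORY))  # ['srx-branch-09', 'srx-dc-02', 'srx-edge-01']
```

Feed it the output of `show version` from each device to get the list of hosts that still need one of the fixed releases from JSA72300.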


Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: juniper
Product: junos
Versions: 20.4, 21.1, 21.2, 21.3, 21.4 · ≤ 20.4

Mitigating Controls (NIST 800-53 r5)

* prevent: Directly blocks crafted requests that modify the PHPRC external variable to inject and execute arbitrary PHP code.
* prevent: Enforces authentication and authorization requirements on J-Web, denying unauthenticated network attackers the ability to reach the vulnerable endpoint.
* prevent: Requires prompt application of vendor patches that eliminate the PHP External Variable Modification flaw in the listed Junos releases.
