一、 漏洞 CVE-2023-36845 基础信息
漏洞信息
# Junos OS: EX 和 SRX 系列: J-Web 中的一个 PHP 漏洞允许未经过身份验证的用户控制重要的环境变量

## 漏洞概述
Juniper Networks Junos OS的J-Web存在一个PHP外部变量修改漏洞,允许未认证的网络攻击者远程执行代码。攻击者通过构建特殊的请求设置PHPRC变量,可以修改PHP执行环境并注入和执行代码。

## 影响版本
- EX 系列
- SRX 系列
  - 所有版本早于 20.4R3-S9
  - 21.1 版本,包括 21.1R1 及之后版本
  - 21.2 版本,早于 21.2R3-S7
  - 21.3 版本,早于 21.3R3-S5
  - 21.4 版本,早于 21.4R3-S5
  - 22.1 版本,早于 22.1R3-S4
  - 22.2 版本,早于 22.2R3-S2
  - 22.3 版本,早于 22.3R2-S2, 22.3R3-S1
  - 22.4 版本,早于 22.4R2-S1, 22.4R3
  - 23.2 版本,早于 23.2R1-S1, 23.2R2

## 漏洞细节
攻击者通过构建特殊的HTTP请求,设置PHPRC环境变量,从而修改PHP执行环境,注入并执行任意代码。

## 影响
该漏洞允许未认证的攻击者通过网络利用此漏洞远程执行代码,可能导致系统完全被控制。
备注
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable
来源:美国国家漏洞数据库 NVD
漏洞描述信息
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
来源:美国国家漏洞数据库 NVD
漏洞类别
PHP参数外部修改
来源:美国国家漏洞数据库 NVD
漏洞标题
Juniper Networks Junos OS EX 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Juniper Networks Junos OS EX是美国瞻博网络(Juniper Networks)公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Networks Junos OS EX存在安全漏洞,该漏洞源于J-Web模块存在PHP外部变量修改漏洞。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2023-36845 的公开POC
# POC 描述 源链接 神龙链接
1 A tool to discover Juniper firewalls vulnerable to CVE-2023-36845 https://github.com/vulncheck-oss/cve-2023-36845-scanner POC详情
2 Juniper Firewalls CVE-2023-36845 - RCE https://github.com/kljunowsky/CVE-2023-36845 POC详情
3 PoC CVE-2023-36845 on Juniper Device https://github.com/toanln-cov/CVE-2023-36845 POC详情
4 None https://github.com/halencarjunior/CVE-2023-36845 POC详情
5 CVE-2023-36845 - Juniper Firewall Remote code execution (RCE) https://github.com/zaenhaxor/CVE-2023-36845 POC详情
6 None https://github.com/simrotion13/CVE-2023-36845 POC详情
7 PoC & vulnerability detector for Juniper EX switches and SRX firewalls https://github.com/WhiteOwl-Pub/PoC-Vuln-Detector-juniper-cve-2023-36845 POC详情
8 CVE-2023-36845 PoC script automates the PoC for CVE-2023-36845 targeting Juniper Networks Junos OS's J-Web component on EX and SRX Series devices. It exploits a PHP flaw, allowing remote modification of the PHPRC variable. Successful exploitation can lead to code injection and execution. https://github.com/cyberh3als/CVE-2023-36845-POC POC详情
9 Ansible Playbook for CVE-2023-36845 https://github.com/ditekshen/ansible-cve-2023-36845 POC详情
10 proof of Concept and Vulnerability Detector for CVE-2023-36845 https://github.com/WhiteOwl-Pub/Juniper-PoC-CVE-2023-36845 POC详情
11 Simple Automation script for juniper cve-2023-36845 https://github.com/Asbawy/Automation-for-Juniper-cve-2023-36845 POC详情
12 Juniper RCE (Remote Code Execution) CVE-2023-36845 is a vulnerability that has been identified within Juniper's software. This particular flaw allows for remote code execution, meaning an attacker could run arbitrary code on a system without needing physical access to the device. https://github.com/jahithoque/Juniper-CVE-2023-36845-Mass-Hunting POC详情
13 None https://github.com/cyb3rzest/Juniper-Bug-Automation-CVE-2023-36845 POC详情
14 None https://github.com/CharonDefalt/Juniper-exploit-CVE-2023-36845 POC详情
15 CVE-2023-36845 и CVE-2023-36846 Juniper Junos OS J-Web RCE https://github.com/iveresk/CVE-2023-36845-6- POC详情
16 CVES https://github.com/ak1t4/CVE-2023-36845 POC详情
17 This Python script automates the Proof of Concept (PoC) for CVE-2023-36845, a vulnerability impacting Juniper Networks Junos OS on EX and SRX Series devices. The vulnerability resides in the J-Web component, allowing remote manipulation of the PHPRC variable, potentially leading to code injection. https://github.com/0xNehru/CVE-2023-36845-Juniper-Vulnerability POC详情
18 Juniper - Remote Code Execution (CVE-2023-36845) PreAuth-RCE Exploits https://github.com/imhunterand/CVE-2023-36845 POC详情
19 A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. https://github.com/ifconfig-me/CVE-2023-36845 POC详情
20 CVE-2023-36845 – Unauthenticated Juniper Remote Code Execution Vulnerability Scanner https://github.com/e11i0t4lders0n/CVE-2023-36845 POC详情
21 Ansible Playbook for CVE-2023-36845(Juniper Networks Junos OS 远程代码执行漏洞) https://github.com/CKevens/ansible-cve-2023-36845 POC详情
22 None https://github.com/Vignesh2712/Automation-for-Juniper-cve-2023-36845 POC详情
23 None https://github.com/Vignesh2712/utomation-for-Juniper-cve-2023-36845 POC详情
24 Ansible Playbook for CVE-2023-36845(Juniper Networks Junos OS 远程代码执行漏洞) https://github.com/3yujw7njai/ansible-cve-2023-36845 POC详情
25 Juniper Networks POC Understanding CVE-2023–36845 Remote Code Execution Exploit and Protection https://github.com/functionofpwnosec/CVE-2023-36845 POC详情
26 A go-exploit to scan for Juniper firewalls vulnerable to CVE-2023-36845 cve-2023-36845, go-exploit https://github.com/meekchest/cve-2023-36845-scanner POC详情
27 Ansible Playbook for CVE-2023-36845(Juniper Networks Junos OS 远程代码执行漏洞) https://github.com/AiK1d/ansible-cve-2023-36845 POC详情
28 A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-36845.yaml POC详情
三、漏洞 CVE-2023-36845 的情报信息