CVE Vulnerabilities

CVE-2023-36844

Published: Aug 17, 2023 | Modified: Jun 27, 2024
CVSS 3.x: 5.3 MEDIUM (Source: NVD)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables.

Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities.

This issue affects Juniper Networks Junos OS on EX Series:

  • All versions prior to 20.4R3-S9;
  • 21.1 versions 21.1R1 and later;
  • 21.2 versions prior to 21.2R3-S7;
  • 21.3 versions prior to 21.3R3-S5;
  • 21.4 versions prior to 21.4R3-S5;
  • 22.1 versions prior to 22.1R3-S4;
  • 22.2 versions prior to 22.2R3-S2;
  • 22.3 versions prior to 22.3R3-S1;
  • 22.4 versions prior to 22.4R2-S2, 22.4R3;
  • 23.2 versions prior to 23.2R1-S1, 23.2R2.

Affected Software

Name Vendor Start Version End Version
Ex2200 Juniper - (including) - (including)
Ex2200-c Juniper - (including) - (including)
Ex2200-vc Juniper - (including) - (including)
Ex2300 Juniper - (including) - (including)
Ex2300-24mp Juniper - (including) - (including)
Ex2300-24p Juniper - (including) - (including)
Ex2300-24t Juniper - (including) - (including)
Ex2300-48mp Juniper - (including) - (including)
Ex2300-48p Juniper - (including) - (including)
Ex2300-48t Juniper - (including) - (including)
Ex2300-c Juniper - (including) - (including)
Ex2300m Juniper - (including) - (including)
Ex3200 Juniper - (including) - (including)
Ex3300 Juniper - (including) - (including)
Ex3300-vc Juniper - (including) - (including)
Ex3400 Juniper - (including) - (including)
Ex4200 Juniper - (including) - (including)
Ex4200-vc Juniper - (including) - (including)
Ex4300 Juniper - (including) - (including)
Ex4300-24p Juniper - (including) - (including)
Ex4300-24p-s Juniper - (including) - (including)
Ex4300-24t Juniper - (including) - (including)
Ex4300-24t-s Juniper - (including) - (including)
Ex4300-32f Juniper - (including) - (including)
Ex4300-32f-dc Juniper - (including) - (including)
Ex4300-32f-s Juniper - (including) - (including)
Ex4300-48mp Juniper - (including) - (including)
Ex4300-48mp-s Juniper - (including) - (including)
Ex4300-48p Juniper - (including) - (including)
Ex4300-48p-s Juniper - (including) - (including)
Ex4300-48t Juniper - (including) - (including)
Ex4300-48t-afi Juniper - (including) - (including)
Ex4300-48t-dc Juniper - (including) - (including)
Ex4300-48t-dc-afi Juniper - (including) - (including)
Ex4300-48t-s Juniper - (including) - (including)
Ex4300-48tafi Juniper - (including) - (including)
Ex4300-48tdc Juniper - (including) - (including)
Ex4300-48tdc-afi Juniper - (including) - (including)
Ex4300-mp Juniper - (including) - (including)
Ex4300-vc Juniper - (including) - (including)
Ex4300m Juniper - (including) - (including)
Ex4400 Juniper - (including) - (including)
Ex4500 Juniper - (including) - (including)
Ex4500-vc Juniper - (including) - (including)
Ex4550 Juniper - (including) - (including)
Ex4550-vc Juniper - (including) - (including)
Ex4550/vc Juniper - (including) - (including)
Ex4600 Juniper - (including) - (including)
Ex4600-vc Juniper - (including) - (including)
Ex4650 Juniper - (including) - (including)
Ex6200 Juniper - (including) - (including)
Ex6210 Juniper - (including) - (including)
Ex8200 Juniper - (including) - (including)
Ex8200-vc Juniper - (including) - (including)
Ex8208 Juniper - (including) - (including)
Ex8216 Juniper - (including) - (including)
Ex9200 Juniper - (including) - (including)
Ex9204 Juniper - (including) - (including)
Ex9208 Juniper - (including) - (including)
Ex9214 Juniper - (including) - (including)
Ex9250 Juniper - (including) - (including)
Ex9251 Juniper - (including) - (including)
Ex9253 Juniper - (including) - (including)
