A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series
and SRX Series
allows an unauthenticated, network-based attacker to remotely execute code.
Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code.
This issue affects Juniper Networks Junos OS on EX Series
and
SRX Series:
20.4R3-S9;
prior to
22.1R3-S4;
prior to
22.2R3-S2;
prior to
22.3R2-S2, 22.3R3-S1;
prior to
22.4R2-S1, 22.4R3;
A PHP application does not properly protect against the modification of variables from external sources, such as query parameters or cookies. This can expose the application to numerous weaknesses that would not exist otherwise.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Srx100 | Juniper | - (including) | - (including) |
| Srx110 | Juniper | - (including) | - (including) |
| Srx1400 | Juniper | - (including) | - (including) |
| Srx1500 | Juniper | - (including) | - (including) |
| Srx210 | Juniper | - (including) | - (including) |
| Srx220 | Juniper | - (including) | - (including) |
| Srx240 | Juniper | - (including) | - (including) |
| Srx240h2 | Juniper | - (including) | - (including) |
| Srx240m | Juniper | - (including) | - (including) |
| Srx300 | Juniper | - (including) | - (including) |
| Srx320 | Juniper | - (including) | - (including) |
| Srx340 | Juniper | - (including) | - (including) |
| Srx3400 | Juniper | - (including) | - (including) |
| Srx345 | Juniper | - (including) | - (including) |
| Srx3600 | Juniper | - (including) | - (including) |
| Srx380 | Juniper | - (including) | - (including) |
| Srx4000 | Juniper | - (including) | - (including) |
| Srx4100 | Juniper | - (including) | - (including) |
| Srx4200 | Juniper | - (including) | - (including) |
| Srx4600 | Juniper | - (including) | - (including) |
| Srx5000 | Juniper | - (including) | - (including) |
| Srx5400 | Juniper | - (including) | - (including) |
| Srx550 | Juniper | - (including) | - (including) |
| Srx550_hm | Juniper | - (including) | - (including) |
| Srx550m | Juniper | - (including) | - (including) |
| Srx5600 | Juniper | - (including) | - (including) |
| Srx5800 | Juniper | - (including) | - (including) |
| Srx650 | Juniper | - (including) | - (including) |