CVE-2023-36845

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 17, 2023
Updated: Jun 27, 2024
CWE ID 473

Summary

CVE-2023-36845 is a critical vulnerability affecting Juniper Networks Junos OS on EX Series and SRX Series devices. An unauthenticated, remote attacker can exploit this PHP External Variable Modification vulnerability by manipulating the PHPRC variable, which allows the injection and execution of malicious code. The issue affects various versions of Junos OS, including: versions prior to 20.4R3-S9; 21.1R1 and later; 21.2 versions prior to 21.2R3-S7; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; 22.4 versions prior to 22.4R2-S1, 22.4R3; and 23.2 versions prior to 23.2R1-S1, 23.2R2. Update affected systems to the latest Junos OS releases to mitigate this vulnerability and protect against potential attacks.
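To check an inventory against the affected-version list in the summary, the following added example (not Juniper's or this page's code) encodes that list and classifies version strings. It assumes versions look like `22.3R2-S2`, reads "21.1R1 and later" as the whole 21.1 train, does not check the device model, and uses constructed hostnames.

```python
import re

# Fixed releases per train as (R, S), transcribed from the summary above.
# An empty list means no fixed release is listed for that train
# ("21.1R1 and later", read here as the whole 21.1 train: an assumption).
FIXED = {
    (20, 4): [(3, 9)], (21, 1): [],
    (21, 2): [(3, 7)], (21, 3): [(3, 5)], (21, 4): [(3, 5)],
    (22, 1): [(3, 4)], (22, 2): [(3, 2)],
    (22, 3): [(2, 2), (3, 1)],
    (22, 4): [(2, 1), (3, 0)],
    (23, 2): [(1, 1), (2, 0)],
}
OLDEST = min(FIXED)  # "prior to 20.4R3-S9" also covers every older train
_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")

def is_affected(version):
    """True/False per the list above; None if the string cannot be parsed
    or its release train is not mentioned in the summary."""
    m = _VER.match(version.strip())
    if not m:
        return None
    major, minor, r, s = (int(g) if g else 0 for g in m.groups())
    train = (major, minor)
    if train < OLDEST:
        return True
    if train not in FIXED:
        return None
    fixes = FIXED[train]
    if not fixes:
        return True
    if (r, s) >= max(fixes):
        return False
    # Older than the newest fix: only a listed service release on the
    # same R branch (e.g. 22.3R2-S2 or later on R2) counts as fixed.
    return not any(r == fr and s >= fs for fr, fs in fixes)

def triage(inventory):
    """Map {host: version} to the hosts needing a patch or manual review."""
    out = {}
    for host, ver in inventory.items():
        verdict = is_affected(ver)
        if verdict is not False:
            out[host] = "affected" if verdict else "review"
    return out

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {"srx-edge-1": "21.2R3-S6", "ex-core-1": "22.4R3",
          "srx-lab": "23.2R1", "ex-old": "12.3X48-D100"}
```

Hosts marked "review" have a version string the parser does not understand or a train the summary does not mention, so they need a manual check against the vendor advisory.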
