CVE-2023-36844 — MEDIUM (5.3)

Q: How severe is CVE-2023-36844?

CVE-2023-36844 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-36844?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex2200, Juniper Ex2200-C, Juniper Ex2200-Vc, Juniper Ex2300.

Vulnerability Description

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Juniper	Junos	< 20.4
Juniper	Ex2200	-
Juniper	Ex2200-C	-
Juniper	Ex2200-Vc	-
Juniper	Ex2300	-
Juniper	Ex2300-24Mp	-
Juniper	Ex2300-24P	-
Juniper	Ex2300-24T	-
Juniper	Ex2300-48Mp	-
Juniper	Ex2300-48P	-
Juniper	Ex2300-48T	-
Juniper	Ex2300-C	-
Juniper	Ex2300M	-
Juniper	Ex3200	-
Juniper	Ex3300	-
Juniper	Ex3300-Vc	-
Juniper	Ex3400	-
Juniper	Ex4200	-
Juniper	Ex4200-Vc	-
Juniper	Ex4300	-

Related Weaknesses (CWE)

CWE-473

References

http://packetstormsecurity.com/files/174865/Juniper-SRX-Firewall-EX-Switch-RemotExploitThird Party AdvisoryVDB Entry
https://supportportal.juniper.net/JSA72300Vendor Advisory
http://packetstormsecurity.com/files/174865/Juniper-SRX-Firewall-EX-Switch-RemotExploitThird Party AdvisoryVDB Entry
https://supportportal.juniper.net/JSA72300Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-US Government Resource

FAQ

What is CVE-2023-36844?

CVE-2023-36844 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variab...

How severe is CVE-2023-36844?

CVE-2023-36844 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-36844?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex2200, Juniper Ex2200-C, Juniper Ex2200-Vc, Juniper Ex2300.