CVE-2023-36845 (junos)

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series

and SRX Series

allows an unauthenticated, network-based attacker to control certain, important environments variables.

Utilizing a crafted request an attacker is able to modify a certain PHP environment variable leading to partial loss of integrity, which may allow chaining to other vulnerabilities.


This issue affects Juniper Networks Junos OS on SRX Series:



* All versions prior to 21.4R3-S5;
* 22.1 versions

prior to

22.1R3-S4; …

control cve environment environments environment variable ex series external important integrity juniper juniper networks junos junos os loss may modification network networks partial php request series unauthenticated variable vulnerabilities vulnerability web