Juniper Junos OS Remote Code Execution

critical Web App Scanning Plugin ID 114198




A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request that sets the variable PHPRC, an attacker is able to modify the PHP execution environment, allowing the injection and execution of code.


See the Juniper website to update to a non-vulnerable version.

Plugin Details

Severity: Critical

ID: 114198

Type: remote

Published: 2/7/2024

Updated: 2/7/2024

Scan Template: basic, full, pci, scan

Risk Information


Risk Factor: Critical

Score: 9.2


Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-36845


Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Score Source: CVE-2023-36845

Vulnerability Information

CPE: cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/17/2023

Vulnerability Publication Date: 8/17/2023

CISA Known Exploited Vulnerability Due Dates: 11/17/2023

Reference Information

CVE: CVE-2023-36845