CVE-2023-36844 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2023-36844?

CVE-2023-36844 is a medium-severity vulnerability in Juniper Networks Junos OS on EX Series switches. It is a PHP External Variable Modification flaw in the J-Web component that lets an unauthenticated, network-based attacker control certain environment variables, causing a partial loss of integrity and potentially enabling the exploitation of other vulnerabilities.

Who is impacted by CVE-2023-36844?

CVE-2023-36844 affects users of Juniper Networks Junos OS on EX Series devices. Systems at risk run any of the following releases: all versions prior to 20.4R3-S9; 21.1 versions from 21.1R1 onward; 21.2 versions prior to 21.2R3-S7; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.3R3-S1; 22.4 versions prior to 22.4R2-S2 and 22.4R3; and 23.2 versions prior to 23.2R1-S1 and 23.2R2. On these releases an attacker can control certain environment variables, potentially leading to the exploitation of other vulnerabilities.
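As an added example (not code from the Twingate report or from Juniper), the following Python check maps an EX Series Junos OS version string onto the affected ranges listed above, which is the work behind identifying affected devices. The version grammar it parses (major.minor, an R release number, an optional -S service release and an optional build suffix) is an assumption of the example, and release trains the list does not name are reported as unlisted rather than guessed.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed releases per Junos release train (major, minor), transcribed from the
# affected-version list in the report above. A device is affected when its
# version sorts below the fixed release for its train. None means the whole
# train is affected ("21.1R1 and later"). Trains older than 20.4 fall under
# "all versions prior to 20.4R3-S9" and are handled in the function below.
FIXED_RELEASES: Dict[Tuple[int, int], Optional[str]] = {
    (20, 4): "20.4R3-S9",
    (21, 1): None,
    (21, 2): "21.2R3-S7",
    (21, 3): "21.3R3-S5",
    (21, 4): "21.4R3-S5",
    (22, 1): "22.1R3-S4",
    (22, 2): "22.2R3-S2",
    (22, 3): "22.3R3-S1",
    (22, 4): "22.4R2-S2",  # 22.4R3 is also fixed and sorts above 22.4R2-S2
    (23, 2): "23.2R1-S1",  # 23.2R2 is also fixed and sorts above 23.2R1-S1
}

# Assumed version grammar: <major>.<minor>R<release>[-S<service>][.<build>]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse_junos_version(text: str) -> Tuple[int, int, int, int]:
    """Turn '22.4R2-S1' into the sortable tuple (22, 4, 2, 1).
    A release without an -S suffix counts as service release 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {text!r}")
    major, minor, release, service = m.groups()
    return (int(major), int(minor), int(release), int(service or 0))


def cve_2023_36844_status(version: str) -> str:
    """Classify an EX Series Junos OS version as 'affected', 'fixed' or
    'unlisted' (train not named in the advisory; consult the vendor bulletin)."""
    v = parse_junos_version(version)
    train = v[:2]
    if train < (20, 4):
        return "affected"  # covered by "all versions prior to 20.4R3-S9"
    if train not in FIXED_RELEASES:
        return "unlisted"
    fixed = FIXED_RELEASES[train]
    if fixed is None:
        return "affected"  # 21.1R1 and later: no fixed release in this train
    return "affected" if v < parse_junos_version(fixed) else "fixed"
```

Feed it the output of `show version` from each switch in your inventory; an `unlisted` result means the train is absent from the ranges above and must be checked against the Juniper bulletin directly.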

What to do if CVE-2023-36844 affects you

If you're affected by the CVE-2023-36844 vulnerability, it's important to take action to protect your systems. Follow these simple steps:

  1. Identify affected Juniper Networks Junos OS on EX Series devices.

  2. Upgrade to a software release that prevents the vulnerability, as mentioned in the Juniper Security Bulletin.

  3. Monitor the CISA Known Exploited Vulnerabilities Catalog for updates and additional vulnerabilities.

  4. Adopt a vulnerability management prioritization framework, such as the one set out in CISA Binding Operational Directive 22-01.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-36844 vulnerability, also known as the Juniper Junos OS EX Series PHP External Variable Modification Vulnerability, is indeed listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on November 13, 2023, and the due date for required action is November 17, 2023. To protect your systems, you should apply mitigations as per vendor instructions or discontinue the use of the product if mitigations are unavailable.

Weakness Enumeration

This vulnerability is classified as CWE-473 (PHP External Variable Modification), affecting Juniper Networks Junos OS on EX Series devices.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the National Vulnerability Database or the resources listed below.
