CVE-2023-36845

Vulnerability updated 4 months ago (2024-05-04T18:19:26.201Z)
CVE-2023-36845 is a significant software vulnerability, specifically a PHP external variable modification bug, identified by WatchTowr Labs' security researchers. The flaw was one of a series of vulnerabilities affecting the SRX firewall system, which also included a missing-authentication-for-critical-function vulnerability (CVE-2023-36846). WatchTowr Labs developed and released a proof-of-concept exploit that chains these flaws together, demonstrating their potential impact.

In late September, external researchers published a new variant of the SRX upload vulnerability (CVE-2023-36851), as well as an exploit for the code execution vulnerability (CVE-2023-36845) that operates independently of a previous file upload. This development highlighted the severity of CVE-2023-36845, and Juniper's advisory stressed the urgent need to fix the ability to execute code, strongly recommending immediate action. According to Juniper, once this issue is resolved, the effect of the remaining vulnerabilities would be significantly mitigated, which underlines the pivotal role of CVE-2023-36845 in the chain of vulnerabilities affecting the SRX firewall system.
Description last updated: 2024-05-04T17:59:42.559Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Juniper
Junos
Associated Vulnerabilities
ID: CVE-2023-36844
Type: Unspecified
Votes: 2
Profile Description: CVE-2023-36844 is a medium-severity vulnerability (CVSS 5.3) in Juniper Networks' Junos OS, specifically impacting EX switches and SRX firewalls. This flaw, along with three others (CVE-2023-36845, CVE-2023-36846, CVE-2023-36847), was addressed by Juniper in mid-August. The details of these vulnerab
Source Document References
Information about the CVE-2023-36845 Vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source Link (CreatedAt): Title
CERT-EU (8 months ago): Juniper warns of critical RCE bug in its firewalls and switches
CERT-EU (10 months ago): More than 20 Danish energy firms compromised in a large-scale cyberattack
CERT-EU (10 months ago): Juniper networking devices under attack - Help Net Security
Securityaffairs (10 months ago): CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog
CERT-EU (10 months ago): CISA Adds Six Known Exploited Vulnerabilities to Catalog | CISA
CERT-EU (10 months ago): CISA warns of actively exploited Juniper pre-auth RCE exploit chain
CERT-EU (a year ago): Recent Vulnerabilities in Popular Applications Blocked by Imperva
CERT-EU (a year ago): Juniper Networks acknowledges new spin on firewall vulnerability
Securityaffairs (a year ago): Security Affairs newsletter Round 438 by Pierluigi Paganini
CERT-EU (a year ago): Cyber Security Week in Review: September 22, 2023
CERT-EU (a year ago): Estimated 12,000 Juniper Devices Vulnerable to RCE Vulnerability
CERT-EU (a year ago): Cyber Security Today, Sept. 20, 2023 – A new online card-skimming campaign, new WinServer backdoors and more | IT World Canada News
CERT-EU (a year ago): GovCERT.HK - Security Alerts
Securityaffairs (a year ago): 12,000 Juniper SRX firewalls and EX switches vulnerable to CVE-2023-36845
CERT-EU (a year ago): Thousands of Juniper devices vulnerable to unauthenticated RCE flaw
CERT-EU (a year ago): Weekly Vulnerability Recap - Sept 4, 2023 - Network Devices Hit
BankInfoSecurity (a year ago): Experts Urge Immediate Juniper Firewall and Switch Patching
CERT-EU (a year ago): This code allow to hack into Juniper SRX firewalls and EX switches
Securityaffairs (a year ago): Threat actors started exploiting Juniper flaws shortly after PoC release
CERT-EU (a year ago): Hackers exploit critical Juniper RCE bug chain after PoC release