CVE-2023-36845

CVE-2023-36845 is a significant software vulnerability, specifically a PHP external variable modification bug, identified by WatchTowr Labs' security researchers. The flaw was part of a series of vulnerabilities linked to the SRX firewall system, including a missing authentication for critical function vulnerability (CVE-2023-36846). In response to these findings, WatchTowr Labs developed and released a proof-of-concept exploit that chains these flaws together, demonstrating their potential impact. In late September, external researchers published a new variant of the SRX upload vulnerability (CVE-2023-36851), as well as an exploit for the code execution vulnerability (CVE-2023-36845) that operates independently of a previous file upload. This development highlighted the severity of CVE-2023-36845, prompting Juniper to emphasize the urgent need to address the ability to execute code. According to Juniper, once this issue is resolved, the effect of the remaining vulnerabilities would be significantly mitigated. Juniper's advisory further stressed the importance of addressing the code execution vulnerability (CVE-2023-36845), following the publication of a variation of the exploit that works without a prior file upload. As such, the company strongly recommended immediate action to fix the ability to execute code, underlining its pivotal role in the chain of vulnerabilities affecting the SRX firewall system.