A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code.
Using a crafted request which sets the variable PHPRC, an attacker is able to modify the PHP execution environment, allowing the injection and execution of code.
This issue affects Juniper Networks Junos OS on EX Series and SRX Series:
  *  All versions prior to 20.4R3-S9;
  *  21.1 versions 21.1R1 and later;
  *  21.2 versions prior to 21.2R3-S7;
  *  21.3 versions prior to 21.3R3-S5;
  *  21.4 versions prior to 21.4R3-S5;
  *  22.1 versions prior to 22.1R3-S4;
  *  22.2 versions prior to 22.2R3-S2;
  *  22.3 versions prior to 22.3R2-S2, 22.3R3-S1;
  *  22.4 versions prior to 22.4R2-S1, 22.4R3;
  *  23.2 versions prior to 23.2R1-S1, 23.2R2.
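
The affected-version list above can be turned into an inventory check. The following is an added example, not code from Juniper or from this record; the function names are hypothetical, and it assumes that a train with two listed fixed releases is fixed from each listed service release onward on that R branch and that release trains the list does not name cannot be decided from this page.

```python
import re

# Fixed releases per train, transcribed from the list above as (R, S) pairs.
# An empty list means the page names no fixed release for that train.
FIXED = {
    (20, 4): [(3, 9)],
    (21, 1): [],
    (21, 2): [(3, 7)],
    (21, 3): [(3, 5)],
    (21, 4): [(3, 5)],
    (22, 1): [(3, 4)],
    (22, 2): [(3, 2)],
    (22, 3): [(2, 2), (3, 1)],
    (22, 4): [(2, 1), (3, 0)],
    (23, 2): [(1, 1), (2, 0)],
}
OLDEST_TRAIN = min(FIXED)
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?")

def parse(version):
    """Split e.g. '22.3R2-S1' into ((22, 3), (2, 1)); a missing -S counts as 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    major, minor, r, s = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (r, s)

def is_affected(version):
    """True or False per the list above; None if the train is not named there."""
    train, (r, s) = parse(version)
    if train < OLDEST_TRAIN:
        return True              # "All versions prior to 20.4R3-S9"
    if train not in FIXED:
        return None              # train not listed on this page: undecided
    fixes = FIXED[train]
    if not fixes:
        return True              # "21.1R1 and later": no fixed release listed
    for fixed_r, fixed_s in fixes:
        if r == fixed_r:
            return s < fixed_s   # same R branch: compare service release
    # R branch without its own listed fix: affected unless newer than every fix
    return r < max(fixed_r for fixed_r, _ in fixes)
```

A result of None means the device needs a manual check against the vendor advisory rather than being treated as safe.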
History
Tue, 21 Oct 2025 23:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | 
Tue, 21 Oct 2025 20:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | 
Tue, 21 Oct 2025 19:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | 
Thu, 13 Feb 2025 17:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2. | A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2. | 
Mon, 03 Feb 2025 17:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | kev | 
Mon, 27 Jan 2025 22:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| CPEs | cpe:2.3:h:juniper:ex2200-vc:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex2200:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex2300-24mp:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex2300-24p:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex2300-24t:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex2300-48mp:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex2300-48p:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex2300-48t:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex2300m:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex3200:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex3300-vc:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex3300:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4200-vc:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4200:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-24p-s:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-24p:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-24t-s:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-24t:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-32f-dc:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-32f-s:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-32f:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-48mp-s:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-48mp:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-48p-s:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-48p:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-48t-afi:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-48t-dc-afi:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-48t-dc:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-48t-s:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-48t:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-48tafi:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-48tdc-afi:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-48tdc:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-mp:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300-vc:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4300m:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4500-vc:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4500:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4550-vc:-:*:*:*:*:*:*:* 
cpe:2.3:h:juniper:ex4550:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4550\/vc:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4600-vc:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex6200:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex6210:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex8200-vc:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex8200:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex8208:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex8216:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex9200:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex9204:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex9208:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex9214:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex9250:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex9251:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:ex9253:-:*:*:*:*:*:*:* | |
| Vendors & Products | Juniper ex2200 Juniper ex2200-c Juniper ex2200-vc Juniper ex2300 Juniper ex2300-24mp Juniper ex2300-24p Juniper ex2300-24t Juniper ex2300-48mp Juniper ex2300-48p Juniper ex2300-48t Juniper ex2300-c Juniper ex2300m Juniper ex3200 Juniper ex3300 Juniper ex3300-vc Juniper ex3400 Juniper ex4200 Juniper ex4200-vc Juniper ex4300 Juniper ex4300-24p Juniper ex4300-24p-s Juniper ex4300-24t Juniper ex4300-24t-s Juniper ex4300-32f Juniper ex4300-32f-dc Juniper ex4300-32f-s Juniper ex4300-48mp Juniper ex4300-48mp-s Juniper ex4300-48p Juniper ex4300-48p-s Juniper ex4300-48t Juniper ex4300-48t-afi Juniper ex4300-48t-dc Juniper ex4300-48t-dc-afi Juniper ex4300-48t-s Juniper ex4300-48tafi Juniper ex4300-48tdc Juniper ex4300-48tdc-afi Juniper ex4300-mp Juniper ex4300-vc Juniper ex4300m Juniper ex4400 Juniper ex4500 Juniper ex4500-vc Juniper ex4550 Juniper ex4550-vc Juniper ex4550\/vc Juniper ex4600 Juniper ex4600-vc Juniper ex4650 Juniper ex6200 Juniper ex6210 Juniper ex8200 Juniper ex8200-vc Juniper ex8208 Juniper ex8216 Juniper ex9200 Juniper ex9204 Juniper ex9208 Juniper ex9214 Juniper ex9250 Juniper ex9251 Juniper ex9253 | 
MITRE
Status: PUBLISHED
Assigner: juniper
Published: 2023-08-17T19:17:57.183Z
Updated: 2025-10-21T23:05:40.639Z
Reserved: 2023-06-27T16:17:25.277Z
Link: CVE-2023-36845
Vulnrichment
Updated: 2024-08-02T17:01:09.559Z
NVD
Status: Analyzed
Published: 2023-08-17T20:15:10.360
Modified: 2025-10-24T16:43:55.083
Link: CVE-2023-36845
Redhat
No data.