CVE-2023-36846 — Vulnetix

CVE-2023-36846 PUBLISHED KEV

In Juniper JUNOS auf Geräten der EX- und SRX-Serie bestehen mehrere Schwachstellen in der Komponente J-WEB. Sie sind auf eine fehlende Authentifizierung und eine externe PHP-Variablenmodifikation zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen in Kombination ausnutzen, um beliebigen Code auszuführen.

EPSS 94.28% · 99.9th percentile

Risk Scores

EPSS Score

94.28%

99.9th percentile

Affected Products

Vendor	Product	Versions
Juniper	Juniper SRX Series
Juniper	Juniper EX Series

Exploit Intelligence

Remote Code Execution on Junos OS CVE-2023-36846 (github-poc-repo)
Remote Code Execution on Junos OS CVE-2023-36846 (github-poc-repo)
Remote Code Execution on Junos OS CVE-2023-36846 (github-poc-repo)
Remote Code Execution on Junos OS CVE-2023-36846 (github-poc-repo)
Remote Code Execution on Junos OS CVE-2023-36846 (github-poc-repo)
Remote Code Execution on Junos OS CVE-2023-36846 (github-poc-repo)
Remote Code Execution on Junos OS CVE-2023-36846 (github-poc-repo)
Remote Code Execution on Junos OS CVE-2023-36846 (github-poc)
Remote Code Execution on Junos OS CVE-2023-36846 (github-poc)
Remote Code Execution on Junos OS CVE-2023-36846 (github-poc)

…and 20 more exploits

Timeline

Aug 17, 2023 CVE Published
Aug 18, 2023 EPSS Score
Sep 1, 2023 PoC Published
Sep 20, 2023 EPSS Score
Nov 13, 2023 CISA KEV Added
Nov 14, 2023 EPSS Score
Nov 26, 2023 EPSS Score
Feb 1, 2024 EPSS Score
Feb 7, 2024 EPSS Score
Feb 22, 2024 EPSS Score
Mar 25, 2024 EPSS Score
Apr 7, 2024 EPSS Score

References

Open in Interactive Console →