A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based malicious user to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions before 21.2R3-S7; * 21.3 versions before 21.3R3-S5; * 21.4 versions before 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions before 23.2R1-S1, 23.2R2.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
juniper junos |
||
juniper junos 20.4 |
||
juniper junos 21.1 |
||
juniper junos 21.2 |
||
juniper junos 21.3 |
||
juniper junos 21.4 |
||
juniper junos 22.1 |
||
juniper junos 22.2 |
||
juniper junos 22.3 |
||
juniper junos 22.4 |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Unauthenticated and remote code execution possible without dropping a file on disk
About 79 percent of public-facing Juniper SRX firewalls remain vulnerable to a single security flaw can allow an unauthenticated attacker to remotely execute code on the devices, according to threat intelligence platform provider VulnCheck. Juniper revealed and addressed five flaws, which affect all versions of Junos OS on SRX firewalls and EX Series switches, in an out-of-cycle security bulletin on August 17. The networking and security company updated the advisory on September 7, after securit...