#VU79687 Input validation error in Juniper Junos OS - CVE-2023-36844

 


Published: August 18, 2023 / Updated: November 13, 2023


Vulnerability identifier: #VU79687
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2023-36844
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software: Juniper Junos OS
Software vendor: Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to modify application behavior.

The vulnerability exists due to insufficient validation of user-supplied input in J-Web. A remote attacker can modify the values of certain PHP environment variables and change the application's behavior.

Successful exploitation of the vulnerability can lead to remote code execution.


Remediation

Install updates from the vendor's website.

External links