CVE-2023-36844: Juniper Junos OS EX Series PHP External Variable Modification Vulnerability (Pentest Lab Guide)
CVE-2023-36844: Technical Deep-Dive (Auto Refreshed)
Generated on 2026-03-26T00:55:16.575Z. This file is automatically regenerated every 30 minutes by the CVE AI enrichment job using web sources (NVD, MITRE, CISA KEV, GitHub).
Executive Technical Summary
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2.
- Context preserved from previous revision: A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2. 1. Use only isolated environments and systems you own or are explicitly authorized to test.
Technical Details
- CVE: CVE-2023-36844
- KEV date added: Unknown
- KEV due date: Not specified
- NVD published: 2023-08-17
- NVD modified: 2025-10-24
- MITRE modified: 2025-10-21
- CVSS base score: 5.3
- CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- CVSS exploitability score: 3.9
- CVSS impact score: 1.4
- Attack vector: Network
- Attack complexity: Low
- Privileges required: None
- User interaction: None
- Scope: Unchanged
- Confidentiality impact: None
- Integrity impact: Low
- Availability impact: None
Versions and Products Impacted
- juniper / junos (versions: < 20.4)
- juniper / junos (versions: 20.4)
- juniper / junos (versions: 21.1)
- juniper / junos (versions: 21.2)
- juniper / junos (versions: 21.3)
- juniper / junos (versions: 21.4)
- juniper / junos (versions: 22.1)
- juniper / junos (versions: 22.2)
- juniper / junos (versions: 22.3)
- juniper / junos (versions: 22.4)
- juniper / junos (versions: 23.2)
- Juniper Networks / Junos OS (versions: 0, 21.1, 21.2, 21.3, 21.4, 22.1, 22.2, 22.3, 22.4, 23.2)
Weakness Classification
- CWE-473
- NVD-CWE-Other
Repositories for Lab Validation (Public Examples)
- 0xor0ne/awesome-list | stars: 3415 | updated: 2026-03-26 | https://github.com/0xor0ne/awesome-list
Notes: Cybersecurity oriented awesome list - Ostorlab/KEV | stars: 608 | updated: 2026-03-23 | https://github.com/Ostorlab/KEV
Notes: Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
People and Organizations Mentioned
- juniper
- 0xor0ne
- Ostorlab
Practical Defensive Validation (Authorized Only)
- Use only isolated environments and systems you own or are explicitly authorized to test.
- Snapshot infrastructure before validation and preserve baseline logs (EDR, SIEM, OS, app).
- Inventory juniper / junos (versions: < 20.4) assets and confirm exact vulnerable versions with automated checks.
- Patch in staged environments and validate closure with scanners + service health checks.
- Map detections to MITRE ATT&CK tactics relevant to your environment and tune alert quality.
References
- NVD record: https://nvd.nist.gov/vuln/detail/CVE-2023-36844
- MITRE CVE record: https://www.cve.org/CVERecord?id=CVE-2023-36844
- CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- CISA KEV JSON feed: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- http://packetstormsecurity.com/files/174865/Juniper-SRX-Firewall-EX-Switch-Remote-Code-Execution.html
- https://supportportal.juniper.net/JSA72300
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36844
- Repository example: https://github.com/0xor0ne/awesome-list
- Repository example: https://github.com/Ostorlab/KEV
This content is for defensive security training and authorized validation only.