thrunt.me Applied Cybernetics Group

November 13, 2023 · Applied Cybernetics Group

CVE-2023-36844 — Juniper Junos OS

Juniper Junos OS EX Series PHP External Variable Modification Vulnerability

Added to KEV
2023-11-13
Federal due date
2023-11-17
Vendor
Juniper
Product
Junos OS
EPSS
99.9th percentile (score 0.942, as of 2026-06-08)
NVD CVSS v3.1
Ransomware use
Unknown
Upstream
https://nvd.nist.gov/vuln/detail/CVE-2023-36844

CISA short description

Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables, leading to partial loss of integrity, which may allow chaining to other vulnerabilities.

Required action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.