Juniper Networks Vulnerability (CVE-2023–36845): Remote Code Execution Exploit and Protection

In the world of cybersecurity, staying ahead of vulnerabilities is critical. One such recent threat is CVE-2023–36845, a Remote Code Execution (RCE) vulnerability found in Juniper Networks Junos OS. This article delves into the details of the vulnerability, how to identify and protect against it, and provides crucial references and solutions.

Understanding CVE-2023–36845

Vulnerability Description:

A PHP External Variable Modification vulnerability was discovered in Juniper Networks Junos OS, specifically impacting the EX Series and SRX Series. This vulnerability permits an unauthenticated attacker to remotely execute malicious code. By exploiting this vulnerability through a carefully crafted request, attackers can manipulate the PHP execution environment, facilitating the injection and execution of code.

Affected Versions:

The following Juniper Networks Junos OS versions are susceptible to CVE-2023–36845:

• All versions prior to 20.4R3-S9
• 21.1 versions 21.1R1 and later
• 21.2 versions prior to 21.2R3-S7
• 21.3 versions prior to 21.3R3-S5
• 21.4 versions prior to 21.4R3-S5
• 22.1 versions prior to 22.1R3-S4
• 22.2 versions prior to 22.2R3-S2
• 22.3 versions prior to 22.3R2-S2, 22.3R3-S1
• 22.4 versions prior to 22.4R2-S1, 22.4R3
• 23.2 versions prior to 23.2R1-S1, 23.2R2

Exploiting CVE-2023–36845

Exploiting this vulnerability is as simple as making a crafted request with the PHPRC variable set. The attacker can remotely execute code, thereby compromising the system. A sample Proof of Concept (PoC) command is as follows:

curl <TARGET> -F $'auto_prepend_file="/etc/passwd\n"' -F 'PHPRC=/dev/fd/0'

How to Protect Your Systems

Protecting your systems from CVE-2023–36845 is of utmost importance. Here are some key steps to safeguard your Juniper Networks Junos OS installations:

1. Patch Your System: Ensure that your Junos OS is updated to a non-vulnerable version. Juniper Networks regularly releases patches and updates to address security concerns.
2. Access Control: Limit access to your Junos OS devices to trusted IP addresses or network segments. This reduces the risk of unauthorized access.
3. Firewall Rules: Implement firewall rules to restrict inbound and outbound traffic to and from your devices.
4. Web Application Firewall (WAF): Deploy a WAF to filter and monitor incoming web traffic, which can help detect and block malicious requests.
5. Security Scanning: Use security scanning tools like Burp Suite to proactively test your systems for vulnerabilities.

Shodan Dork for CVE-2023–36845

To identify systems susceptible to CVE-2023–36845 using Shodan, you can utilize the following dork:

title:"Juniper" http.favicon.hash:2141724739 country:"US"

This dork narrows down the search to Juniper devices with the specified favicon hash in the United States.

In Conclusion

CVE-2023–36845 is a significant threat to Juniper Networks Junos OS users. Understanding the vulnerability, actively patching your systems, and implementing security measures can help protect your network infrastructure. Staying vigilant is key to mitigating the risks associated with such vulnerabilities in the ever-evolving landscape of cybersecurity.