GobyVuls/Junos_webauth_operation.php_PHPRC_Code_Execution_Vulnerability.md at a2a2bed22392015d140be8cca6c9e819f2cc5978 - GobyVuls - 临风笛

admin/GobyVuls

mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 18:27:13 +00:00

Goby c9532e45a3

Create Junos_webauth_operation.php_PHPRC_Code_Execution_Vulnerability.md

2023-10-11 20:50:21 +08:00

1.4 KiB

Raw Blame History

Junos webauth_operation.php PHPRC Code Execution Vulnerability (CVE-2023-36845/CVE-2023-36846)

Vulnerability	Junos webauth_operation.php PHPRC Code Execution Vulnerability (CVE-2023-36845/CVE-2023-36846)
Chinese name	Junos webauth_operation.php PHPRC 代码执行漏洞（CVE-2023-36845/CVE-2023-36846）
CVSS core	9.8
FOFA Query (click to view the results directly)	app="JUNIPer-Web-Device-Manager"
Number of assets affected	43627
Description	Junos is a reliable, high-performance network operating system from Juniper Networks.An attacker can use the J-Web service of the Junos operating system to pass in the PHPRC environment variable, turn on the allow_url_include setting, run the incoming encoded PHP code, and gain control of the entire web server.
Impact	Attackers can use this vulnerability to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.