PatchSiren cyber security CVE debrief
CVE-2023-36845 Juniper CVE debrief
CVE-2023-36845 is a Juniper Junos OS issue affecting EX Series and SRX Series devices. CISA added it to the Known Exploited Vulnerabilities catalog on 2023-11-13, with a remediation due date of 2023-11-17, which indicates active exploitation concerns and an urgent defensive response window. The vendor bulletin referenced by CISA describes related J-Web issues that can be combined to enable pre-authentication remote code execution. Defenders should treat exposure of Junos OS management interfaces, especially J-Web, as a high-priority risk and follow Juniper’s mitigation guidance immediately.
- Vendor
- Juniper
- Product
- Junos OS
- CVSS
- Unknown
- CISA KEV
- Listed
- Original CVE published
- 2023-11-13
- Original CVE updated
- 2023-11-13
- Advisory published
- 2023-11-13
- Advisory updated
- 2023-11-13
Who should care
Network and security teams responsible for Juniper Junos OS EX Series and SRX Series devices, especially environments where J-Web is enabled or reachable from untrusted networks. Incident responders should also review these devices for signs of compromise because the vulnerability is in CISA’s KEV catalog.
Technical summary
The CVE is described as a PHP external variable modification vulnerability in Juniper Junos OS for EX Series and SRX Series. CISA’s KEV record cites a Juniper support bulletin stating that multiple J-Web vulnerabilities can be combined to allow pre-authentication remote code execution. The official records supplied here do not include a full exploit chain or technical write-up, so the safest interpretation is that the issue materially weakens the security of Junos OS web management exposure and has been deemed exploitable enough for KEV listing.
Defensive priority
Urgent. This is a CISA Known Exploited Vulnerability with a short remediation due date, so mitigation or remediation should be prioritized immediately over routine maintenance.
Recommended defensive actions
- Apply the Juniper-recommended mitigations or fixes referenced in the vendor security bulletin as soon as possible.
- If mitigations are unavailable, discontinue use of the affected product or disable/limit the exposed service per vendor guidance.
- Restrict access to J-Web and other management interfaces to trusted administrative networks only.
- Review exposed EX Series and SRX Series devices for suspicious activity and validate configuration integrity.
- Track the CISA KEV due date (2023-11-17) as a hard remediation target for exposed assets.
Evidence notes
This debrief is based only on the supplied CVE metadata, the CISA KEV entry, and the official links provided. The KEV record identifies the affected vendor/product, the vulnerability name, date added, due date, and the vendor-directed action to apply mitigations or discontinue use if mitigations are unavailable. The notes field references a Juniper support portal bulletin about multiple J-Web vulnerabilities that can be combined for pre-auth RCE, but no additional vendor bulletin text was supplied here. No exploit code or offensive reproduction details were used.
Official resources
-
CVE-2023-36845 CVE record
CVE.org
-
CVE-2023-36845 NVD detail
NVD
-
CISA Known Exploited Vulnerabilities catalog
CISA - Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
-
Source item URL
cisa_kev
Publicly disclosed and listed by CISA in the Known Exploited Vulnerabilities catalog on 2023-11-13. Known ransomware campaign use is unknown in the supplied data.