Description
This Python script automates the Proof of Concept (PoC) for CVE-2023-36845, a vulnerability impacting Juniper Networks Junos OS on EX and SRX Series devices. The vulnerability resides in the J-Web component, allowing remote manipulation of the PHPRC variable, potentially leading to code injection.
Introduction
**CVE-2023-36845**
This script provides an automated Proof of Concept (PoC) for CVE-2023-36845, a vulnerability affecting Juniper Networks Junos OS on EX and SRX Series devices. It exploits the J-Web component, allowing remote modification of the PHPRC variable and potential code injection.
Affected Versions:
* Junos OS versions susceptible to CVE-2023-36845:
1. All versions prior to 20.4R3-S9
2. 21.1R1 and later
3. 21.2 versions prior to 21.2R3-S7
4. 21.3 versions prior to 21.3R3-S5
5. 21.4 versions prior to 21.4R3-S5
6. 22.1 versions prior to 22.1R3-S4
7. 22.2 versions prior to 22.2R3-S2
8. 22.3 versions prior to 22.3R2-S2, 22.3R3-S1
9. 22.4 versions prior to 22.4R2-S1, 22.4R3
10. 23.2 versions prior to 23.2R1-S1, 23.2R2
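
For patch triage, the list above can be turned into an inventory check. The following is an added example, not part of the PoC repository: the function names, the `unlisted` result for trains the page does not mention, and the rule for comparing service releases are assumptions made here.

```python
import re

# Fixed releases per train, transcribed from the "Affected Versions" list above.
# Each entry is (R-number, S-number); a bare "R3" is stored with S-number 0.
FIXED = {
    (20, 4): [(3, 9)],
    (21, 2): [(3, 7)],
    (21, 3): [(3, 5)],
    (21, 4): [(3, 5)],
    (22, 1): [(3, 4)],
    (22, 2): [(3, 2)],
    (22, 3): [(2, 2), (3, 1)],
    (22, 4): [(2, 1), (3, 0)],
    (23, 2): [(1, 1), (2, 0)],
}
NO_FIX_TRAINS = {(21, 1)}  # "21.1R1 and later": the list names no fixed release

_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")

def parse(version):
    """Split '22.3R2-S2' (optionally with a '.N' build suffix) into train and (R, S)."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, r, s = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (r, s)

def status(version):
    """Return 'affected', 'fixed' or 'unlisted' according to the list above."""
    train, rel = parse(version)
    if train < (20, 4) or train in NO_FIX_TRAINS:
        return "affected"
    fixes = FIXED.get(train)
    if fixes is None:
        return "unlisted"  # train not mentioned on the page; check the vendor advisory
    # Assumption: a service release fixes its own R branch from that S onward,
    # and anything at or after the last listed fix is also fixed.
    same_branch = any(rel[0] == fr and rel[1] >= fs for fr, fs in fixes)
    return "fixed" if same_branch or rel >= max(fixes) else "affected"

if __name__ == "__main__":
    # Constructed inventory for illustration.
    for v in ["19.4R3-S10", "21.1R3", "22.3R2-S1", "22.3R2-S3", "22.3R3", "22.4R3", "23.4R1"]:
        print(f"{v:12} {status(v)}")
```
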
**Prerequisites**
1. Python 3.x
2. Required Python library: requests==2.26.0
**Installation**
```
git clone https://github.com/0xNehru/CVE-2023-36845-Juniper-Vulnerability.git
cd CVE-2023-36845-Juniper-Vulnerability
```
**Install required libraries:**
```
pip install -r requirements.txt
```
**Usage**
```
python3 CVE-2023-36845-POC.py
```
**Warning:** Use responsibly with explicit permission. Unauthorized testing may have legal consequences.
**Contributing:** Pull requests are welcome. For major changes, open an issue to discuss them first. The script is designed to exploit multiple IPs concurrently.
**Note:** This version includes instructions to save the target hosts' IP addresses in a **hosts.txt** file before running the script.
File snapshot
[4.0K] /data/pocs/4ae1384a7e41de3886819b94a51f88a857436f5a
├── [1.2K] CVE-2023–36845.py
├── [1.5K] README.md
└── [ 17] requirements.txt
0 directories, 3 files