{"uuid": "b17a7148-f932-41da-b810-7416d8f33b05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36844", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/184", "content": "CVE-2023-36844 And Friends: RCE In Juniper Devices\n\n\ud83d\udc64 by Sonny\n\nA recent out-of-cycle Juniper security bulletin caught team's attention, describing two bugs which, although only a 5.3 on the CVSS scale individually, supposedly could be combined for RCE. The bulletin actually contains four CVEs, as the two bugs apply to two separate platforms (the -EX switches and -SRX firewall devices). They'll focus just on the -SRX bugs, as they expect the -EX bugs to be identical. These are two individual flaws.\n\nThis is an interesting bug chain, utilising two bugs that would be near-useless in isolation and combining them for a 'world ending' unauthenticated RCE.\n\n\ud83d\udcdd Contents:\n\u25cf First Impressions\n\u25cf Of $internal_functions\n\u25cf Interesting Internal Functions\n\u25cf A Polluted Environment\n\u25cf Preloading Libraries\n\u25cf We don't need no steenkin' binaries\n\u25cf Other bits and bobs\n\u25cf Aftermath\n\u25cf Proof of Concept\n\u25cf Closing words\n\nhttps://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls/", "creation_timestamp": "2023-08-28T06:49:00.000000Z"}