Juniper.Networks.Junos.OS.PHPRC.ENV.VAR.Remote.Code.Injection
Description
This indicates an attack attempt to exploit a Code Injection Vulnerability in Juniper Networks Junos OS.
The vulnerability is due to improper input validation when handling user supplied input. A remote, authenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation could result in arbitrary code injection.
Affected Products
Juniper Junos versions prior to 20.4R3-S9
Juniper Junos versions 21.1R1 and prior
Juniper Junos versions 21.2 versions prior to 21.2R3-S7
Juniper Junos versions 21.3 versions prior to 21.3R3-S5
Juniper Junos versions 21.4 versions prior to 21.4R3-S5
Juniper Junos versions 22.1 versions prior to 22.1R3-S4
Juniper Junos versions 22.2 versions prior to 22.2R3-S2
Juniper Junos versions 22.3 versions prior to 22.3R2-S2, 22.3R3-S
Juniper Junos versions 22.4 versions prior to 22.4R2-S1, 22.4R3
Juniper Junos versions 23.2 versions prior to 23.2R1-S1, 23.2R2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://supportportal.juniper.net/JSA72300
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2024-03-13 | 27.748 | Sig Added |
2024-02-07 | 26.729 | Default_action:pass:drop |
2023-12-06 | 26.690 | Sig Added |
2023-11-23 | 26.683 | Sig Added |
2023-10-26 | 25.666 |