Junos OS - RCE (CVE-2023-36845)
83Exploiting IPs reported
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to remotely execute code.
CrowdSec analysis
CVE-2023-36845 is a critical vulnerability impacting the J-Web interface of Juniper Networks Junos OS, allowing unauthenticated remote code execution through a crafted PHP environment variable modification.
CrowdSec has been tracking this vulnerability and its exploits since 1st of April 2025.
CrowdSec network observations suggest that most exploitation of CVE-2023-36845 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. Data from the CrowdSec community also indicates a gradual decrease in attacks targeting CVE-2023-36845. While still present in the wild, exploitation levels have dropped noticeably week-over-week. This may signal that the vulnerability is becoming less relevant or that defenses are improving fast enough for attackers to lose interest.
Observed exploitation attempts commonly leverage URLs containing /?phprc=/dev/fd/0.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.