/PoC-Vuln-Detector-juniper-cve-2023-36845

PoC & vulnerability detector for Juniper EX switches and SRX firewalls

Primary LanguagePython

CVE-2023-36845 Vulnerability Detector

CVE Logo

Description

Banner This Python script serves as both proof of Concept and Vulnerability Detector for CVE-2023-36845. It checks for the presence of the CVE-2023-36845 vulnerability in a target device by sending an HTTP POST request for running phpinfo() on the device. if the operation executes successfully, it indicates that the system may be vulnerable. also, the script has the option to save the phpinfo data of the device in HTML format.

this script was successfully tested on both Juniper EX switches and SRX firewalls series on vulnerable versions.

Prerequisites

  • Python 3.x
  • requests library (you can install it using pip install requests)

Basic Usage

python3 poc-juniper-cve-2023-36845.py -u <target_url>

Options

  • -u or --url: Specify the target URL (required).
  • -o or --output: Specify an output file to save the HTML content (optional).
  • -v or --verbose: Enable verbose mode to display HTTP response and HTML body (optional).

Example

python3 poc-juniper-cve-2023-36845.py -u "http[s]://target-ip" -o output.html -v

Output

  • If the HTTP status code is 200, the script will indicate that the system is vulnerable to CVE-2023-36845.
  • If an output file is specified, the HTML content of the response will be saved to that file.

CVE Logo

Disclaimer

This script is intended for educational and informational purposes only. It should only be used on systems where you have explicit permission to test for vulnerabilities. Unauthorized use of this script may violate laws and regulations.

Author

whiteOwl

resource

https://nvd.nist.gov/vuln/detail/CVE-2023-36845