Fileless Remote Code Execution on Juniper Firewalls - Blog - VulnCheck
Tags
| attack-pattern: | Data Credentials - T1589.001 Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | c2fdb51a-0cf7-499d-80b7-104f064a147d |
| Fingerprint | df6a1a74ffa9d0a7 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 18, 2023, midnight |
| Added to db | Aug. 31, 2024, 8:53 a.m. |
| Last updated | Nov. 17, 2024, 12:54 p.m. |
| Headline | Fileless Remote Code Execution on Juniper Firewalls |
| Title | Fileless Remote Code Execution on Juniper Firewalls - Blog - VulnCheck |
| Detected Hints/Tags/Attributes | 49/1/21 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 12 | cve-2023-36845 |
|
| Details | CVE | 11 | cve-2023-36846 |
|
| Details | CVE | 12 | cve-2023-36844 |
|
| Details | CVE | 11 | cve-2023-36847 |
|
| Details | CVE | 4 | cve-2023-36851 |
|
| Details | Domain | 24 | php.net |
|
| Details | File | 3 | webauth_operation.php |
|
| Details | File | 55 | test.php |
|
| Details | File | 33 | php.ini |
|
| Details | File | 2 | juniper.css |
|
| Details | File | 75 | favicon.ico |
|
| Details | File | 7 | httpd.log |
|
| Details | File | 2 | mpr_%d_%d_%d.tmp |
|
| Details | File | 2 | mpr_1479_59421_1.tmp |
|
| Details | File | 2 | wiz_config_server.txt |
|
| Details | File | 23 | about.php |
|
| Details | IPv4 | 2 | 10.12.72.1 |
|
| Details | Url | 2 | http://10.12.72.1/webauth_operation.php |
|
| Details | Url | 2 | http://10.12.72.1/?phprc= |
|
| Details | Url | 2 | http://10.12.72.1 |
|
| Details | Url | 2 | http://10.12.72.1/about.php?phprc= |