Palo Alto Networks Product Security Incident Response Team
PA-CVE-2023-0008
History: May 10, 2023 - 4:00 p.m.

PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface

2023-05-10 16:00:00
Palo Alto Networks Product Security Incident Response Team
securityadvisories.paloaltonetworks.com
vulnerability
file disclosure
pan-os
web interface
administrator
race condition
mitigation
best practices
technical documentation

CVSS3: 4.4 Medium

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001 Low
Percentile: 45.1%

A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.

Workaround:
This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.
