CVE-2023-0008 PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface

2023-05-1016:34:18

CWE-73

palo_alto

www.cve.org

pan-os

file disclosure

vulnerability

web interface

race condition

CVSS3

4.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PAN-OS",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "8.1.25",
            "status": "unaffected"
          }
        ],
        "lessThan": "8.1.25",
        "status": "affected",
        "version": "8.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "9.0.17",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.0.17",
        "status": "affected",
        "version": "9.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "9.1.16",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.1.16",
        "status": "affected",
        "version": "9.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "10.0.12",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.0.12",
        "status": "affected",
        "version": "10.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "10.1.10",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.1.10",
        "status": "affected",
        "version": "10.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "10.2.4",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.2.4",
        "status": "affected",
        "version": "10.2",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "11.0.1",
            "status": "unaffected"
          }
        ],
        "lessThan": "11.0.1",
        "status": "affected",
        "version": "11.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Prisma Access",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Cloud NGFW",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "All"
      }
    ]
  }
]