CVE-2023-6791 PAN-OS: Plaintext Disclosure of External System Integration Credentials

2023-12-1318:30:17

CWE-701

palo_alto

www.cve.org

pan-os

plaintext disclosure

external system integrations

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

18.1%

JSON

A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PAN-OS",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "8.1.24-h1",
            "status": "unaffected"
          }
        ],
        "lessThan": "8.1.24-h1",
        "status": "affected",
        "version": "8.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "9.0.17",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.0.17",
        "status": "affected",
        "version": "9.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "9.1.16",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.1.16",
        "status": "affected",
        "version": "9.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "10.0.12",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.0.12",
        "status": "affected",
        "version": "10.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "10.1.9",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.1.9",
        "status": "affected",
        "version": "10.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "10.2.4",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.2.4",
        "status": "affected",
        "version": "10.2",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "11.0.1",
            "status": "unaffected"
          }
        ],
        "lessThan": "11.0.1",
        "status": "affected",
        "version": "11.0",
        "versionType": "custom"
      },
      {
        "lessThan": "All",
        "status": "unaffected",
        "version": "11.1",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Prisma Access",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Cloud NGFW",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "All"
      }
    ]
  }
]