Lucene search
HistoryDec 13, 2023 - 7:15 p.m.
CVE-2023-6794
arbitrary file upload
pan-os
admin privilege disruption
firewall
web interface
limited privileges.
CVSS3
4.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
EPSS
0.001
Percentile
18.2%
An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
Affected configurations
Node
paloaltonetworkspan-osRange8.1.0–8.1.26
ORpaloaltonetworkspan-osRange9.0.0–9.0.17
ORpaloaltonetworkspan-osRange9.1.0–9.1.14
| Vendor | Product | Version | CPE |
|---|---|---|---|
| paloaltonetworks | pan-os | * | cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2023-6794 PAN-OS: File Upload Vulnerability in the Web Interface
2023-12-13 18:16:39
prion
prion
Design/Logic Flaw
2023-12-13 19:15:00
cve
cve
CVE-2023-6794
2023-12-13 19:15:10
nessus
nessus
paloalto
paloalto
PAN-OS: File Upload Vulnerability in the Web Interface
2023-12-13 17:00:00
CVSS3
4.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
EPSS
0.001
Percentile
18.2%
Related for NVD:CVE-2023-6794