Design/Logic Flaw

2018-07-0321:29:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup.

CPENameOperatorVersion
pan-osgt6.0.0
pan-osle6.1.20
pan-osge7.1.0
pan-osle7.1.16
pan-osgt8.0.0
pan-osle8.0.8
pan-oseq8.1.0

Name	Operator	Version
pan-os	gt	6.0.0
pan-os	le	6.1.20
pan-os	ge	7.1.0
pan-os	le	7.1.16
pan-os	gt	8.0.0
pan-os	le	8.0.8
pan-os	eq	8.1.0

References

www.securityfocus.com/bid/104677

www.securitytracker.com/id/1041243

security.paloaltonetworks.com/CVE-2018-9334