PAN-OS: Local File Deletion Vulnerability

CVE-2023-0004

6.5MEDIUM

Key Information

Vendor: Palo Alto Networks
Status: Pan-os; Prisma Access; Cloud Ngfw
Vendor: CVE Published:; 12 April 2023

Badges

👾 Exploit Exists

Summary

A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges.

These files can include logs and system components that impact the integrity and availability of PAN-OS software.

Affected Version(s)

PAN-OS < 8.1.24

PAN-OS < 9.0.17

PAN-OS < 9.1.15

Refferences

https://security.paloaltonetworks.com/CVE-2023-0004

https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 2, 2024
Vulnerability published
Apr 12, 2023
Vulnerability Reserved
Oct 27, 2022

Collectors

NVD DatabaseMitre Database

Credit

Palo Alto Networks thanks Wim Barthier and Frank Lycops for discovering and reporting this issue.