PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface

CVE-2023-0008

4.4MEDIUM

Key Information

Vendor: Palo Alto Networks
Status: Pan-os; Prisma Access; Cloud Ngfw
Vendor: CVE Published:; 10 May 2023

Badges

👾 Exploit Exists

Summary

A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.

Affected Version(s)

PAN-OS < 8.1.25

PAN-OS < 9.0.17

PAN-OS < 9.1.16

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Aug 2, 2024
Clarified that the administrator must have read-write privileges
May 11, 2023
Initial publication
May 10, 2023
Vulnerability published.
May 10, 2023
Vulnerability Reserved.
Oct 27, 2022

Collectors

NVD DatabaseMitre Database

Credit

Alex Hordijk