PAN-OS: Read System Files and Resources During Configuration Commit
CVE-2023-38046
4.9MEDIUM
Key Information
- Vendor
- Palo Alto Networks
- Status
- PAN-OS
- Cloud NGFW
- Prisma Access
- Vendor
- CVE Published:
- 12 July 2023
Summary
A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.
Affected Version(s)
PAN-OS < 11.0.1
PAN-OS < 10.2.4
PAN-OS >= 10.1
Refferences
CVSS V3.1
Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability Reserved
Vulnerability published
Collectors
NVD DatabaseMitre Database
Credit
Kajetan Rostojek