CVE-2007-2768Sensitive Information Exposure in Paloalto Prisma SD

CWE-200Sensitive Information Exposure8 documents8 sources
Severity
4.3MEDIUMNVD
CNA5.0OSV5.0
EPSS
0.1%
top 69.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Paloalto Prisma SD
Timeline
PublishedMay 21
Latest updateJun 11

Description

OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

Palo Altopaloalto/prisma_sd

🔴Vulnerability Details

3
GHSA
GHSA-7c33-39g7-9rjm: OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, whic2022-05-01
CVEList
CVE-2007-2768: OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, whic2007-05-21
OSV
CVE-2007-2768: OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, whic2007-05-21

📋Vendor Advisories

4
Microsoft
CVE-2007-2768: Mariner: Mariner cve@mitre2024-06-11
Palo Alto
PAN-SA-2024-0003 Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION2024-04-05
Debian
CVE-2007-2768: openssh - OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remo...2007
Red Hat
CVE-2007-2768: OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, whic
CVE-2007-2768 — Sensitive Information Exposure | cvebase