CVE-2012-6603Improper Authentication in Paloaltonetworks Pan-os

CWE-287Improper Authentication4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
2.3%
top 15.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Paloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedAug 31
Latest updateMay 13

Description

The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-q8cv-h3rc-632g: The web management UI in Palo Alto Networks PAN-OS before 32022-05-13
CVEList
CVE-2012-6603: The web management UI in Palo Alto Networks PAN-OS before 32013-08-31

📋Vendor Advisories

1
Palo Alto
Credential Bypass Vulnerability2012-04-27
CVE-2012-6603 — Improper Authentication | cvebase