CVE-2018-9242Improper Input Validation in Paloaltonetworks Pan-os

CWE-20Improper Input Validation4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 72.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Paloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedJul 3
Latest updateMay 13

Description

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDpaloaltonetworks/pan-os7.1.07.1.16+2
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-7ww5-m53p-hg5m: The PAN-OS management web interface page in PAN-OS 62022-05-13
CVEList
CVE-2018-9242: The PAN-OS management web interface page in PAN-OS 62018-07-03

📋Vendor Advisories

1
Palo Alto
Local Privilege Escalation in Management Web Interface2018-06-29
CVE-2018-9242 — Improper Input Validation | cvebase