CVE-2018-9242
published 2018-07-03
CVE-2018-9242: The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete…
Priority: P424 · medium · 5.5 CVSS 3.0
AV:L · AC:L · PR:L · UI:N · S:U · C:N · I:H · A:N
EPSS: 0.43% (34.2th percentile)
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | <= 6.1.20 | — |
| paloaltonetworks | pan-os | <= 8.0.9 | — |
| paloaltonetworks | pan-os | 7.1.0 – 7.1.16 | — |
CVSS provenance
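| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 6.6 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:C/A:C |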
Palo Alto
Local Privilege Escalation in Management Web Interface
vendor_paloalto·2018-06-29·CVSS 5.5
CVE-2018-9242 [MEDIUM] CWE-20 Local Privilege Escalation in Management Web Interface
A vulnerability exists in the Management web interface that could allow local privilege escalation. The Management web interface does not properly validate specific request parameters, which can potentially allow deletion of files in the system. (Ref. # PAN-90954; CVE-2018-9242)
Successful exploitation of this issue requires the attacker to be authenticated.
This issue affects PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier. PAN-OS 8.1 is not affected.
Affected products: PAN-OS
Solution: PAN-OS 6.1.21 and later, PAN-OS 7.1.17 and later, PAN-OS 8.0.10 and later
Workaround: This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing t
GHSA
GHSA-7ww5-m53p-hg5m: The PAN-OS management web interface page in PAN-OS 6
ghsa_unreviewed·2022-05-13
CVE-2018-9242 [MEDIUM] CWE-20 GHSA-7ww5-m53p-hg5m: The PAN-OS management web interface page in PAN-OS 6
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-07-03
Published