CVE-2018-9334
published 2018-07-03CVE-2018-9334: The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an…
PriorityP425medium5.5CVSS 3.0
AVLACLPRLUINSUCHINAN
EPSS
0.38%
29.8th percentile
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | <= 6.1.20 | — |
| paloaltonetworks | pan-os | <= 8.0.8 | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | 7.1.0 – 7.1.16 | — |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f8vp-9v2p-2wf6: The PAN-OS management web interface page in PAN-OS 6
ghsa_unreviewed·2022-05-13
CVE-2018-9334 [MEDIUM] CWE-269 GHSA-f8vp-9v2p-2wf6: The PAN-OS management web interface page in PAN-OS 6
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup.
Palo Alto
Information Disclosure in the PAN-OS Management Web Interface
vendor_paloalto·2018-06-29·CVSS 5.5
CVE-2018-9334 [MEDIUM] CWE-269 Information Disclosure in the PAN-OS Management Web Interface
Information Disclosure in the PAN-OS Management Web Interface
A local privilege escalation vulnerability exists in the PAN-OS management web interface that allows the administrator to access the password hashes of local users by manipulating the HTML markup. (Ref. # PAN-91564; CVE-2018-9334)
Successful exploitation of this issue requires the attacker to be authenticated.
This issue affects PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0
Affected products: PAN-OS
Solution: PAN-OS 6.1.21 and later, PAN-OS 7.1.17 and later, PAN-OS 8.0.9 and later, and PAN-OS 8.1.1 and later
Workaround: This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the management interface o
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-07-03
Published