cbcvebase.
CVE-2018-9334
published 2018-07-03

CVE-2018-9334: The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an…

PriorityP425medium5.5CVSS 3.0
AVLACLPRLUINSUCHINAN
EPSS
0.38%
29.8th percentile
The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup.

Affected

5 ranges
VendorProductVersion rangeFixed in
paloaltopan-os
paloaltonetworkspan-os<= 6.1.20
paloaltonetworkspan-os<= 8.0.8
paloaltonetworkspan-os
paloaltonetworkspan-os7.1.0 – 7.1.16

CVSS provenance

nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.