CVE-2018-9334Improper Privilege Management in Paloaltonetworks Pan-os

CWE-269Improper Privilege Management4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 70.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Paloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedJul 3
Latest updateMay 13

Description

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDpaloaltonetworks/pan-os7.1.07.1.16+3
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-f8vp-9v2p-2wf6: The PAN-OS management web interface page in PAN-OS 62022-05-13
CVEList
CVE-2018-9334: The PAN-OS management web interface page in PAN-OS 62018-07-03

📋Vendor Advisories

1
Palo Alto
Information Disclosure in the PAN-OS Management Web Interface2018-06-29
CVE-2018-9334 — Improper Privilege Management | cvebase