CVE-2023-0004 — Improper Check or Handling of Exceptional Conditions in Palo Alto Networks Pan-os

CWE-703 — Improper Check or Handling of Exceptional Conditions5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

1.3%

top 20.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Pan-os Paloaltonetworks Pan-os Fedoraproject Fedora +3 more

Timeline

PublishedApr 12

Description

A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of PAN-OS software.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 1.2 | Impact: 5.2

Affected Packages5 packages

▶NVDpaloaltonetworks/pan-os8.1.0 — 8.1.24+4

▶CVEListV5palo_alto_networks/pan-os8.1 — 8.1.24+4

▶Palo Altopaloalto/pan-os

▶Palo Altopaloalto/cloud_ngfw

▶Palo Altopaloalto/prisma_access

Also affects: Fedora 37, 38, 39

🔴Vulnerability Details

CVEList

PAN-OS: Local File Deletion Vulnerability↗2023-04-12

▶

GHSA

GHSA-mgj2-46rc-8756: A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file s↗2023-04-12

▶

📋Vendor Advisories

Palo Alto

PAN-OS: Local File Deletion Vulnerability↗2023-04-12

▶

VMware

VMware Carbon Black App Control updates address an injection vulnerability (CVE-2023-20858)↗2023-02-21

▶