CVE-2023-0005 — Exposure of Sensitive System Information to an Unauthorized Control Sphere in Palo Alto Networks Pan-os

CWE-497 — Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-312 — Cleartext Storage of Sensitive Info CWE-416 — Use After Free9 documents9 sources

Severity

4.9MEDIUMNVD

CNA4.1

EPSS

0.3%

top 50.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Pan-os Paloaltonetworks Pan-os Paloalto Cloud Ngfw +2 more

Timeline

PublishedApr 12

Latest updateDec 30

Description

A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages5 packages

▶NVDpaloaltonetworks/pan-os8.1.0 — 8.1.24+5

▶CVEListV5palo_alto_networks/pan-os10.2 — 10.2.3+5

▶Palo Altopaloalto/pan-os

▶Palo Altopaloalto/cloud_ngfw

▶Palo Altopaloalto/prisma_access

🔴Vulnerability Details

OSV

s390/vmem: split pages when debug pagealloc is enabled↗2025-12-30

▶

CVEList

PAN-OS: Exposure of Sensitive Information Vulnerability↗2023-04-12

▶

GHSA

GHSA-fm8c-g4fr-mj3j: A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the d↗2023-04-12

▶

📋Vendor Advisories

Red Hat

kernel: s390/vmem: split pages when debug pagealloc is enabled↗2025-12-30

▶

Palo Alto

PAN-OS: Exposure of Sensitive Information Vulnerability↗2023-04-12

▶

VMware

VMware vRealize Orchestrator update addresses an XML External Entity (XXE) vulnerability (CVE-2023-20855)↗2023-02-21

▶

🕵️Threat Intelligence

Microsoft

Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005 | Microsoft Security Blog↗2017-03-27

▶