CVE-2023-0008 — External Control of File Name or Path in Palo Alto Networks Pan-os

CWE-73 — External Control of File Name or Path CWE-610 — Externally Controlled Reference to a Resource in Another Sphere CWE-94 — Code Injection6 documents6 sources

Severity

4.4MEDIUMNVD

CISA6.8

EPSS

0.4%

top 42.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Pan-os Paloaltonetworks Pan-os Paloalto Cloud Ngfw +2 more

Timeline

PublishedMay 10

Description

A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.7 | Impact: 3.6

Affected Packages5 packages

▶NVDpaloaltonetworks/pan-os8.1.0 — 8.1.25+6

▶CVEListV5palo_alto_networks/pan-os8.1 — 8.1.25+6

▶Palo Altopaloalto/prisma_access

▶Palo Altopaloalto/pan-os

▶Palo Altopaloalto/cloud_ngfw

🔴Vulnerability Details

CVEList

PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface↗2023-05-10

▶

GHSA

GHSA-35m2-6v5h-6f23: A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with access to the web interface to expor↗2023-05-10

▶

📋Vendor Advisories

Palo Alto

PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface↗2023-05-10

▶

VMware

VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, CVE-2023-20872)↗2023-04-25

▶

CISA

Mitel MiVoice Connect Code Injection Vulnerability↗2023-02-21

▶