CVE-2023-0008
Published 2023-05-10
Priority: P4 · 20 · medium · 4.4 (CVSS 3.1)
AV:N / AC:H / PR:H / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.54% (41.5th percentile)
A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.0 < 10.0.12 | 10.0.12 |
| palo_alto_networks | pan-os | >= 10.1 < 10.1.10 | 10.1.10 |
| palo_alto_networks | pan-os | >= 10.2 < 10.2.4 | 10.2.4 |
| palo_alto_networks | pan-os | >= 11.0 < 11.0.1 | 11.0.1 |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.25 | 8.1.25 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.17 | 9.0.17 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.16 | 9.1.16 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | >= 10.0.0 < 10.0.12 | 10.0.12 |
| paloaltonetworks | pan-os | >= 10.1.0 < 10.1.10 | 10.1.10 |
| paloaltonetworks | pan-os | >= 10.2.0 < 10.2.4 | 10.2.4 |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.25 | 8.1.25 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.17 | 9.0.17 |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.16 | 9.1.16 |
CVSS provenance
nvd · v3.1 · 4.4 · MEDIUM · CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
cisa · 6.8 · MEDIUM
GHSA
GHSA-35m2-6v5h-6f23
ghsa_unreviewed·2023-05-10
CVE-2023-0008 [MEDIUM] CWE-610
A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with access to the web interface to export local files from the firewall through a race condition.
Palo Alto
PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2024-09-04·CVSS 6.0
CVE-2022-22965 [MEDIUM] PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2010-1622, CVE-2015-7552, CVE-2018-16840, CVE-2019-7639, CVE-2020-17049, CVE-2020-7774, CVE-2021-0131, CVE-2021-0132, CVE-2021-0133, CVE-2021-0134, CVE-2021-4044, CVE-2021-4160, CVE-2021-41773, CVE-2022-1343, CVE-2022-21449, CVE-2022-2274, CVE-2022-22963, CVE-2022-22965, CVE-2022-24697, CVE-2022-32207, CVE-2022-3358, CVE-2022-3996, CVE-2022-40664, CVE-2022-44792, CVE-2022-44793, CVE-2023-1255, CVE-2023-22809, CVE-2023-23919, CVE-2023-3341, CVE-2023-4236, CVE-2023-4863, CVE-2023-51767
Affected products: PAN-OS
CISA ICS
Siemens RUGGEDCOM APE1808 before V11.0.1
cisa_ics·2024-04-11
ICS Advisory
## Siemens RUGGEDCOM APE1808 before V11.0.1
Release Date: April 11, 2024
Alert Code: ICSA-24-102-03
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v4 6.1
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: RUGGEDCOM APE1808
- Vulnerabilities: Network Amplification, Exposure of Sensitive System Information to an Unauthorized Control Sphere, External Control of File Name or Path, Cross-site Scripting, Insufficien
Palo Alto
PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface
vendor_paloalto·2023-05-10·CVSS 4.4
CVE-2023-0008 [MEDIUM] CWE-73 PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface
A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.10, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions.
Workaround: This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access i
VMware
VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, CVE-2023-20872)
vendor_vmware·2023-04-25·CVSS 8.2
CVE-2023-20869 [HIGH] VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, CVE-2023-20872)
VMSA-2023-0008: VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, CVE-2023-20872)
VMware Workstation and Fusion contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3.
CVEs: CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, CVE-2023-20872
Affected products: VMware Fusion, VMware Workstation, Workstation Pro
CISA
Mitel MiVoice Connect Code Injection Vulnerability
cisa·2023-02-21·CVSS 6.8
CVE-2022-41223 [MEDIUM] CWE-94 Mitel MiVoice Connect Code Injection Vulnerability
Vulnerability: Mitel MiVoice Connect Code Injection Vulnerability
Affected: Mitel MiVoice Connect
The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.
Required Action: Apply updates per vendor instructions.
Notes: https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008; https://nvd.nist.gov/vuln/detail/CVE-2022-41223
Remediation Due Date: 2023-03-14
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.