CVE-2023-6793
Published: 2023-12-13
Priority: P4 · Severity: low · CVSS 3.1 base score: 2.7/10
CVSS 3.1 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.56% (42.2nd percentile)
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
Affected (14 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | 10.0 – All | — |
| palo_alto_networks | pan-os | >= 10.1 < 10.1.11 | 10.1.11 |
| palo_alto_networks | pan-os | >= 10.2 < 10.2.5 | 10.2.5 |
| palo_alto_networks | pan-os | >= 11.0 < 11.0.2 | 11.0.2 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.17-h4 | 9.0.17-h4 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.17 | 9.1.17 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | pan-os | 10.0.0 – 10.0.12 | — |
| paloaltonetworks | pan-os | >= 10.1.0 < 10.1.11 | 10.1.11 |
| paloaltonetworks | pan-os | >= 10.2.0 < 10.2.5 | 10.2.5 |
| paloaltonetworks | pan-os | >= 11.0.0 < 11.0.2 | 11.0.2 |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.17 | 9.1.17 |
GHSA
GHSA-6q2r-m35r-8mf3 (ghsa_unreviewed, 2023-12-13) · CVE-2023-6793 [LOW] · CWE-269
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
CISA ICS
Siemens RUGGEDCOM APE1808 (cisa_ics, 2024-04-11, CVSS 7.5) [HIGH]
ICS Advisory: Siemens RUGGEDCOM APE1808
Release Date: April 11, 2024
Alert Code: ICSA-24-102-04
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.2
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: RUGGEDCOM APE1808
- Vulnerabilities: Cross-site Scripting, Improper Privilege Management, Improper Check for Unusual or Exceptional Conditions, Truncation of Security-relevant Information, Insufficient Session Expiration
Palo Alto
PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator (vendor_paloalto, 2023-12-13, CVSS 2.7) · CVE-2023-6793 [LOW] · CWE-269
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.
Workaround: This issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.