CVE-2023-6794
published 2023-12-13
CVE-2023-6794: An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface…
Priority P4 · 30 · medium · 4.7 CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
EPSS: 0.57% (43.0th percentile)
An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 8.1 < 8.1.26 | 8.1.26 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.17-h1 | 9.0.17-h1 |
| palo_alto_networks | pan-os | >= 9.1 < 9.1.14 | 9.1.14 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.26 | 8.1.26 |
| paloaltonetworks | pan-os | >= 9.0.0 < 9.0.17 | 9.0.17 |
| paloaltonetworks | pan-os | >= 9.1.0 < 9.1.14 | 9.1.14 |
Palo Alto
PAN-OS: File Upload Vulnerability in the Web Interface
vendor_paloalto·2023-12-13·CVSS 4.7
CVE-2023-6794 [MEDIUM] CWE-434 PAN-OS: File Upload Vulnerability in the Web Interface
An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h1, PAN-OS 9.1.14, and all later PAN-OS versions.
Please note that customers impacted by the PAN-OS root and default certificate expiration issue must carefully select the fixed version of PAN-OS they upgrade their devices to when addressing this vulnerability to not reintroduce the certificate issue. More information and support for the certificate expira
GHSA
GHSA-pgj7-38qw-cw8c: An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web
ghsa_unreviewed·2023-12-13
CVE-2023-6794 [MEDIUM] CWE-434 GHSA-pgj7-38qw-cw8c: An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web
An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-12-13