CVE-2023-0005
EUVD-2023-1211012.04.2023, 17:15
A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | pan-os | 8.1.0 ≤ 𝑥 < 8.1.24 |
| paloaltonetworks | pan-os | 9.0.0 ≤ 𝑥 < 9.0.17 |
| paloaltonetworks | pan-os | 9.1.0 ≤ 𝑥 < 9.1.15 |
| paloaltonetworks | pan-os | 10.0.0 ≤ 𝑥 < 10.0.12 |
| paloaltonetworks | pan-os | 10.1.0 ≤ 𝑥 < 10.1.8 |
| paloaltonetworks | pan-os | 10.2.0 ≤ 𝑥 < 10.2.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control SphereThe application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.
- CWE-312 - Cleartext Storage of Sensitive InformationThe product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.