CVE-2023-0008
10.05.2023, 17:15
A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.Enginsight
| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | pan-os | 8.1.0 ≤ 𝑥 < 8.1.25 |
| paloaltonetworks | pan-os | 9.0.0 ≤ 𝑥 < 9.0.17 |
| paloaltonetworks | pan-os | 9.1.0 ≤ 𝑥 < 9.1.16 |
| paloaltonetworks | pan-os | 10.0.0 ≤ 𝑥 < 10.0.12 |
| paloaltonetworks | pan-os | 10.1.0 ≤ 𝑥 < 10.1.10 |
| paloaltonetworks | pan-os | 10.2.0 ≤ 𝑥 < 10.2.4 |
| paloaltonetworks | pan-os | 11.0.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-73 - External Control of File Name or PathThe software allows user input to control or influence paths or file names that are used in filesystem operations.
- CWE-610 - Externally Controlled Reference to a Resource in Another SphereThe product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.