CVE-2024-5916
EUVD-2024-4704814.08.2024, 17:15
An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | pan-os | 10.2.0 ≤ 𝑥 < 10.2.8 |
| paloaltonetworks | pan-os | 11.0.0 ≤ 𝑥 < 11.0.4 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-313 - Cleartext Storage in a File or on DiskThe application stores sensitive information in cleartext in a file, or on disk.
- CWE-312 - Cleartext Storage of Sensitive InformationThe product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.