CVE Vulnerabilities

CVE-2023-0008

Externally Controlled Reference to a Resource in Another Sphere

Published: May 10, 2023 | Modified: May 17, 2023
CVSS 3.x
4.4
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.

Weakness

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

Affected Software

Name Vendor Start Version End Version
Pan-os Paloaltonetworks 9.0.0 *
Pan-os Paloaltonetworks 10.0.0 *
Pan-os Paloaltonetworks 8.1.0 *
Pan-os Paloaltonetworks 9.1.0 *
Pan-os Paloaltonetworks 11.0.0 11.0.0
Pan-os Paloaltonetworks 10.2.0 *
Pan-os Paloaltonetworks 10.1.0 *

References