CVE-2023-6791

Published: Dec 13, 2023Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.

Affected (7)

Products: Paloaltonetworks: Pan Os

Paloaltonetworks

1 product

Pan Os

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Paloaltonetworks Pan Os	From 10.0.0 to 10.0.12
Paloaltonetworks Pan Os	From 10.1.0 to 10.1.9
Paloaltonetworks Pan Os	From 10.2.0 to 10.2.4
Paloaltonetworks Pan Os	From 8.1.0 to 8.1.24
Paloaltonetworks Pan Os	From 9.0.0 to 9.0.17
Paloaltonetworks Pan Os	From 9.1.0 to 9.1.16
Paloaltonetworks Pan Os	Version 11.0.0

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

CWE-701

References (2)

https://security.paloaltonetworks.com/CVE-2023-6791

Source: psirt@paloaltonetworks.com

Vendor Advisory

https://security.paloaltonetworks.com/CVE-2023-6791

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.