=================================================================== CERT-Renater Note d'Information No. 2023/VULN161 _____________________________________________________________________ DATE : 14/04/2023 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): PAN-OS versions prior to 8.1.24, 9.0.17, 9.1.15, 10.0.12, 10.1.8, 10.2.3. ====================================================================https://security.paloaltonetworks.com/CVE-2023-0005 https://security.paloaltonetworks.com/CVE-2023-0004 _____________________________________________________________________ CVE-2023-0005 PAN-OS: Exposure of Sensitive Information Vulnerability Severity 4.1 · MEDIUM Attack Vector LOCAL Scope UNCHANGED Attack Complexity HIGH Confidentiality Impact HIGH Privileges Required HIGH Integrity Impact NONE User Interaction NONE Availability Impact NONE NVD JSON Published 2023-04-12 Updated 2023-04-12 Reference PAN-198986 Discovered externally Description A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. Product Status Versions Affected Unaffected Cloud NGFW None All PAN-OS 11.0 None All PAN-OS 10.2 < 10.2.3 >= 10.2.3 PAN-OS 10.1 < 10.1.8 >= 10.1.8 PAN-OS 10.0 < 10.0.12 >= 10.0.12 PAN-OS 9.1 < 9.1.15 >= 9.1.15 PAN-OS 9.0 < 9.0.17 >= 9.0.17 PAN-OS 8.1 < 8.1.24 >= 8.1.24 Prisma Access None All Severity:MEDIUM CVSSv3.1 Base Score:4.1 (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N) Exploitation Status Palo Alto Networks is not aware of any malicious exploitation of this issue. However, a proof of concept script for this issue is publicly available. Weakness Type CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere Solution This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15, PAN-OS 10.0.12, PAN-OS 10.1.8, PAN-OS 10.2.3, and all later PAN-OS versions. Workarounds and Mitigations This issue requires the attacker to have authenticated access to the PAN-OS management interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices. Acknowledgments Palo Alto Networks thanks the security researcher rqu for discovering and reporting this issue. Timeline 2023-04-12 Initial publication _____________________________________________________________________ CVE-2023-0004 PAN-OS: Local File Deletion Vulnerability Severity 6.5 · MEDIUM Attack Vector NETWORK Scope UNCHANGED Attack Complexity LOW Confidentiality Impact NONE Privileges Required HIGH Integrity Impact HIGH User Interaction NONE Availability Impact HIGH NVD JSON Published 2023-04-12 Updated 2023-04-12 Reference PAN-171625 Discovered externally Description A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of PAN-OS software. Product Status Versions Affected Unaffected Cloud NGFW None All PAN-OS 11.0 None All PAN-OS 10.2 None All PAN-OS 10.1 < 10.1.6 >= 10.1.6 PAN-OS 10.0 < 10.0.11 >= 10.0.11 PAN-OS 9.1 < 9.1.15 >= 9.1.15 PAN-OS 9.0 < 9.0.17 >= 9.0.17 PAN-OS 8.1 < 8.1.24 >= 8.1.24 Prisma Access None All Severity:MEDIUM CVSSv3.1 Base Score:6.5 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H) Exploitation Status Palo Alto Networks is not aware of any malicious exploitation of this issue. Weakness Type CWE-703: Improper Check or Handling of Exceptional Conditions Solution This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15, PAN-OS 10.0.11, PAN-OS 10.1.6, and all later PAN-OS versions. Workarounds and Mitigations This issue requires the attacker to have authenticated access to the PAN-OS management interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices. Acknowledgments Palo Alto Networks thanks Wim Barthier and Frank Lycops for discovering and reporting this issue. Timeline 2023-04-12 Initial publication ========================================================+ CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =======================================================