CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-0008 – PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface
https://notcve.org/view.php?id=CVE-2023-0008
A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition. • https://security.paloaltonetworks.com/CVE-2023-0008 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2023-0005 – PAN-OS: Exposure of Sensitive Information Vulnerability
https://notcve.org/view.php?id=CVE-2023-0005
A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. • https://security.paloaltonetworks.com/CVE-2023-0005 • CWE-312: Cleartext Storage of Sensitive Information CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 8.6EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0028 – Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-0028
A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target. To be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a source zone that has an external facing interface. This configuration is not typical for URL filtering and, if set, is likely unintended by the administrator. If exploited, this issue would not impact the confidentiality, integrity, or availability of our products. • https://security.paloaltonetworks.com/CVE-2022-0028 • CWE-406: Insufficient Control of Network Message Volume (Network Amplification) •