Page 6 of 30 results (0.017 seconds)

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system. • https://security.paloaltonetworks.com/CVE-2023-38046 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link. • https://security.paloaltonetworks.com/CVE-2023-0010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0

A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition. • https://security.paloaltonetworks.com/CVE-2023-0008 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0

A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. • https://security.paloaltonetworks.com/CVE-2023-0005 • CWE-312: Cleartext Storage of Sensitive Information CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVSS: 8.6EPSS: 0%CPEs: 6EXPL: 0

A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target. To be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a source zone that has an external facing interface. This configuration is not typical for URL filtering and, if set, is likely unintended by the administrator. If exploited, this issue would not impact the confidentiality, integrity, or availability of our products. • https://security.paloaltonetworks.com/CVE-2022-0028 • CWE-406: Insufficient Control of Network Message Volume (Network Amplification) •