CVE-2023-6791

Published Dec 13, 2023

Last updated a year ago

CVSS medium 4.9

Overview

Description: A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.
Source: psirt@paloaltonetworks.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.9
Impact score: 3.6
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-522
psirt@paloaltonetworks.com: CWE-701

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7D77695-CFDE-4BAE-8C8B-E389CC5C7A3F",
            "versionEndExcluding": "8.1.24",
            "versionStartIncluding": "8.1.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89A55C5F-8E01-42C4-BE93-D683900C07BE",
            "versionEndExcluding": "9.0.17",
            "versionStartIncluding": "9.0.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56181B13-327B-4249-A7E8-246B2420CEFC",
            "versionEndExcluding": "9.1.16",
            "versionStartIncluding": "9.1.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71F1F86A-8158-4BE8-B509-5F50421DA829",
            "versionEndExcluding": "10.0.12",
            "versionStartIncluding": "10.0.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18EE46C0-B863-4AE4-833C-05030D8AD1AF",
            "versionEndExcluding": "10.1.9",
            "versionStartIncluding": "10.1.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D61F01F8-1598-4078-9D98-BFF5B62F3BA5",
            "versionEndExcluding": "10.2.4",
            "versionStartIncluding": "10.2.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F3693A5-182E-4723-BE2A-062D0C9E736C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References