- Description
- An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431). This issue does not affect Cloud NGFW or Prisma Access software.
- Source
- psirt@paloaltonetworks.com
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 6.9
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber
- Severity
- MEDIUM
- psirt@paloaltonetworks.com
- CWE-73
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
Threat Alert: Google Releases PoC for CVE-2025-0110 Command Injection in PAN-OS Firewalls CVE-2025-0110 CVE-2025-0109 CVE-2025-0108 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/23GBXF5IbZ #CyberSecurity #ThreatIntel #InfoSec (1/3)
@fletch_ai, 22 Feb 2025 (49 impressions, 0 retweets, 0 likes, 1 bookmark, 1 reply, 0 quotes)
CVE-2025-0109 An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the … https://t.co/LcOhcfplGU
@CVEnew, 12 Feb 2025 (310 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes)