Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-0022

Опубликовано: 09 мар. 2022
Источник: nvd
CVSS3: 4.1
CVSS3: 4.4
CVSS2: 4.6
EPSS Низкий

Описание

Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode. An attacker must have access to the account password hashes to take advantage of this weakness and can acquire those hashes if they are able to gain access to the PAN-OS software configuration. Fixed versions of PAN-OS software use a secure cryptographic algorithm for account password hashes. This issue does not impact Prisma Access firewalls. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.21; All versions of PAN-OS 9.0; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Версия от 8.1.0 (включая) до 8.1.21 (исключая)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Версия от 9.0.0 (включая) до 9.0.15 (включая)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Версия от 9.1.0 (включая) до 9.1.11 (исключая)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Версия от 10.0.0 (включая) до 10.0.7 (исключая)

EPSS

Процентиль: 7%
0.00027
Низкий

4.1 Medium

CVSS3

4.4 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-916
CWE-916

Связанные уязвимости

github логотип

GHSA-4q2w-436r-jx75

CVSS3: 4.4
github
почти 4 года назад

Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS software where the password hashes of administrator and local user accounts are not created with a sufficient level of computational effort, which allows for password cracking attacks on accounts in normal (non-FIPS-CC) operational mode. An attacker must have access to the account password hashes to take advantage of this weakness and can acquire those hashes if they are able to gain access to the PAN-OS software configuration. Fixed versions of PAN-OS software use a secure cryptographic algorithm for account password hashes. This issue does not impact Prisma Access firewalls. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.21; All versions of PAN-OS 9.0; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11; PAN-OS 10.0 versions earlier than PAN-OS 10.0.7.

fstec логотип

BDU:2022-02204

CVSS3: 4.1
fstec
почти 4 года назад

Уязвимость операционных систем PAN-OS, связанная с недостаточным вычислением хэша пароля, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 7%
0.00027
Низкий

4.1 Medium

CVSS3

4.4 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-916
CWE-916