Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-0111

Опубликовано: 12 фев. 2025
Источник: nvd
CVSS3: 6.5
EPSS Низкий

Описание

An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.

You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .

This issue does not affect Cloud NGFW or Prisma Access software.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Версия от 10.1.0 (включая) до 10.1.14 (исключая)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Версия от 10.2.0 (включая) до 10.2.7 (исключая)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Версия от 10.2.10 (включая) до 10.2.12 (исключая)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Версия от 11.0.0 (включая) до 11.1.6 (исключая)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Версия от 11.2.0 (включая) до 11.2.4 (исключая)
cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h19:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h4:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*

EPSS

Процентиль: 83%
0.02035
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-73
CWE-610

Связанные уязвимости

github логотип

GHSA-wmcv-pj3g-38rp

CVSS3: 6.5
github
12 месяцев назад

An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software.

fstec логотип

BDU:2025-02463

CVSS3: 6.5
fstec
12 месяцев назад

Уязвимость операционной системы PAN-OS, связанная с некорректным внешним управлением именем или путем файла, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации

EPSS

Процентиль: 83%
0.02035
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-73
CWE-610