CVE-2025-0123

Опубликовано: 11 апр. 2025

Источник: nvd

EPSS Низкий

Описание

In normal conditions, decrypted packet captures are available to firewall administrators after they obtain and install a free Decryption Port Mirror license. The license requirement ensures that this feature can only be used after approved personnel purposefully activate the license. For more information, review how to configure decryption port mirroring https://docs.paloaltonetworks.com/network-security/decryption/administration/monitoring-decryption/configure-decryption-port-mirroring .

The administrator must obtain network access to the management interface (web, SSH, console, or telne

Ссылки

https://security.paloaltonetworks.com/CVE-2025-0123

EPSS

Процентиль: 0%

0.00007

Низкий

Дефекты

CWE-312

Связанные уязвимости

GHSA-379r-vg26-3rr8

github

4 месяца назад

A vulnerability in the Palo Alto Networks PAN-OS® software enables unlicensed administrators to view clear-text data captured using the packet capture feature https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/take-packet-captures/take-a-custom-packet-capture in decrypted HTTP/2 data streams traversing network interfaces on the firewall. HTTP/1.1 data streams are not impacted. In normal conditions, decrypted packet captures are available to firewall administrators after they obtain and install a free Decryption Port Mirror license. The license requirement ensures that this feature can only be used after approved personnel purposefully activate the license. For more information, review how to configure decryption port mirroring https://docs.paloaltonetworks.com/network-security/decryption/administration/monitoring-decryption/configure-decryption-port-mirroring . The administrator must obtain network access to the management interface (web, SSH, console, or te...

BDU:2025-09215

CVSS3: 2.3

fstec