Description
A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected products
- Palo Alto Networks / Cloud NGFWAll – All
- Palo Alto Networks / pan-os9.0 – 9.0.17
- Palo Alto Networks / pan-os9.1 – 9.1.16
- Palo Alto Networks / pan-os10.0 – 10.0.12
- Palo Alto Networks / pan-os8.1 – 8.1.25
- Palo Alto Networks / pan-os10.2 – 10.2.4
- Palo Alto Networks / pan-os11.0 – 11.0.1
- Palo Alto Networks / pan-os10.1 – 10.1.10
- Palo Alto Networks / Prisma AccessAll – All