Description
An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which requires manual intervention to bring the Panorama back online.
CVSS breakdown
CVSS 4.0
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
High
User Interaction
None
Confidentiality (Vulnerable System)
None
Integrity (Vulnerable System)
Low
Availability (Vulnerable System)
High
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
AU
None
R
Unchanged
V
D
RE
M
U
Amber
Affected products
- Palo Alto Networks / Cloud NGFWAll – All
- Palo Alto Networks / pan-os11.1 – 11.1
- Palo Alto Networks / pan-os11.0 – 11.0
- Palo Alto Networks / pan-os11.2 – 11.2
- Palo Alto Networks / pan-os10.1.0 – 10.1.9
- Palo Alto Networks / pan-os10.2.0 – 10.2.4
- Palo Alto Networks / Prisma AccessAll – All