6.5

CVE-2017-7644

The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and PAN-70541.

Data is provided by the National Vulnerability Database (NVD)
PaloaltonetworksPan-os Version <= 6.1.15
PaloaltonetworksPan-os Version7.0.0
PaloaltonetworksPan-os Version7.0.1
PaloaltonetworksPan-os Version7.0.2
PaloaltonetworksPan-os Version7.0.3
PaloaltonetworksPan-os Version7.0.4
PaloaltonetworksPan-os Version7.0.5
PaloaltonetworksPan-os Version7.0.5 Updateh2
PaloaltonetworksPan-os Version7.0.6
PaloaltonetworksPan-os Version7.0.7
PaloaltonetworksPan-os Version7.0.8
PaloaltonetworksPan-os Version7.0.9
PaloaltonetworksPan-os Version7.0.10
PaloaltonetworksPan-os Version7.0.11
PaloaltonetworksPan-os Version7.0.12
PaloaltonetworksPan-os Version7.0.13
PaloaltonetworksPan-os Version7.0.14
PaloaltonetworksPan-os Version7.1.0
PaloaltonetworksPan-os Version7.1.1
PaloaltonetworksPan-os Version7.1.2
PaloaltonetworksPan-os Version7.1.3
PaloaltonetworksPan-os Version7.1.4
PaloaltonetworksPan-os Version7.1.4 Updateh2
PaloaltonetworksPan-os Version7.1.5
PaloaltonetworksPan-os Version7.1.6
PaloaltonetworksPan-os Version7.1.7
PaloaltonetworksPan-os Version7.1.8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.23% 0.46
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.