6.3
CVE-2023-6792
- EPSS 0.2%
- Veröffentlicht 13.12.2023 19:15:09
- Zuletzt bearbeitet 21.11.2024 08:44:34
- Quelle psirt@paloaltonetworks.com
- Teams Watchlist Login
- Unerledigt Login
An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Paloaltonetworks ≫ Pan-os Version >= 8.1.0 < 8.1.24
Paloaltonetworks ≫ Pan-os Version >= 9.0.0 < 9.0.17
Paloaltonetworks ≫ Pan-os Version >= 9.1.0 < 9.1.15
Paloaltonetworks ≫ Pan-os Version >= 10.0.0 < 10.0.12
Paloaltonetworks ≫ Pan-os Version >= 10.1.0 < 10.1.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.425 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| psirt@paloaltonetworks.com | 5.5 | 1.2 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.