2.7
CVE-2023-6793
- EPSS 0.08%
- Published 13.12.2023 19:15:09
- Last modified 21.11.2024 08:44:34
- Source psirt@paloaltonetworks.com
- Teams watchlist Login
- Open Login
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
Data is provided by the National Vulnerability Database (NVD)
Paloaltonetworks ≫ Pan-os Version >= 9.1.0 < 9.1.17
Paloaltonetworks ≫ Pan-os Version >= 10.0.0 <= 10.0.12
Paloaltonetworks ≫ Pan-os Version >= 10.1.0 < 10.1.11
Paloaltonetworks ≫ Pan-os Version >= 10.2.0 < 10.2.5
Paloaltonetworks ≫ Pan-os Version >= 11.0.0 < 11.0.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.244 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
|
| psirt@paloaltonetworks.com | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.