2022-10-27 19:01:13 +00:00
{
2023-04-12 17:00:34 +00:00
"data_version" : "4.0" ,
2022-10-27 19:01:13 +00:00
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"CVE_data_meta" : {
"ID" : "CVE-2023-0004" ,
2023-04-12 17:00:34 +00:00
"ASSIGNER" : "psirt@paloaltonetworks.com" ,
"STATE" : "PUBLIC"
2022-10-27 19:01:13 +00:00
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2023-04-12 17:00:34 +00:00
"value" : "A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges.\n\nThese files can include logs and system components that impact the integrity and availability of PAN-OS software."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-703 Improper Check or Handling of Exceptional Conditions" ,
"cweId" : "CWE-703"
}
]
}
]
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "Palo Alto Networks" ,
"product" : {
"product_data" : [
{
"product_name" : "PAN-OS" ,
"version" : {
"version_data" : [
{
"version_value" : "not down converted" ,
"x_cve_json_5_version_data" : {
"versions" : [
{
"changes" : [
{
"at" : "8.1.24" ,
"status" : "unaffected"
}
] ,
"lessThan" : "8.1.24" ,
"status" : "affected" ,
"version" : "8.1" ,
"versionType" : "custom"
} ,
{
"changes" : [
{
"at" : "9.0.17" ,
"status" : "unaffected"
}
] ,
"lessThan" : "9.0.17" ,
"status" : "affected" ,
"version" : "9.0" ,
"versionType" : "custom"
} ,
{
"changes" : [
{
"at" : "9.1.15" ,
"status" : "unaffected"
}
] ,
"lessThan" : "9.1.15" ,
"status" : "affected" ,
"version" : "9.1" ,
"versionType" : "custom"
} ,
{
"changes" : [
{
"at" : "10.0.11" ,
"status" : "unaffected"
}
] ,
"lessThan" : "10.0.11" ,
"status" : "affected" ,
"version" : "10.0" ,
"versionType" : "custom"
} ,
{
"changes" : [
{
"at" : "10.1.6" ,
"status" : "unaffected"
}
] ,
"lessThan" : "10.1.6" ,
"status" : "affected" ,
"version" : "10.1" ,
"versionType" : "custom"
} ,
{
"status" : "unaffected" ,
"version" : "10.2"
} ,
{
"status" : "unaffected" ,
"version" : "11.0"
}
] ,
"defaultStatus" : "unaffected"
}
}
]
}
} ,
{
"product_name" : "Prisma Access" ,
"version" : {
"version_data" : [
{
"version_value" : "not down converted" ,
"x_cve_json_5_version_data" : {
"versions" : [
{
"status" : "unaffected" ,
"version" : "All"
}
] ,
"defaultStatus" : "unaffected"
}
}
]
}
} ,
{
"product_name" : "Cloud NGFW" ,
"version" : {
"version_data" : [
{
"version_value" : "not down converted" ,
"x_cve_json_5_version_data" : {
"versions" : [
{
"status" : "unaffected" ,
"version" : "All"
}
] ,
"defaultStatus" : "unaffected"
}
}
]
}
}
]
}
}
]
}
} ,
"references" : {
"reference_data" : [
{
"url" : "https://security.paloaltonetworks.com/CVE-2023-0004" ,
"refsource" : "MISC" ,
"name" : "https://security.paloaltonetworks.com/CVE-2023-0004"
2023-10-25 17:35:29 +00:00
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/" ,
"refsource" : "MISC" ,
"name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
2023-10-26 03:00:34 +00:00
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/" ,
"refsource" : "MISC" ,
"name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/" ,
"refsource" : "MISC" ,
"name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
2023-10-26 05:00:33 +00:00
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/" ,
"refsource" : "MISC" ,
"name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
2023-11-03 22:00:36 +00:00
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/" ,
"refsource" : "MISC" ,
"name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/" ,
"refsource" : "MISC" ,
"name" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
2023-04-12 17:00:34 +00:00
}
]
} ,
"generator" : {
"engine" : "Vulnogram 0.1.0-dev"
} ,
"source" : {
"defect" : [
"PAN-171625"
] ,
"discovery" : "EXTERNAL"
} ,
"exploit" : [
{
"lang" : "en" ,
"supportingMedia" : [
{
"base64" : false ,
"type" : "text/html" ,
"value" : "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
] ,
"value" : "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
] ,
"solution" : [
{
"lang" : "en" ,
"supportingMedia" : [
{
"base64" : false ,
"type" : "text/html" ,
"value" : "This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15, PAN-OS 10.0.11, PAN-OS 10.1.6, and all later PAN-OS versions."
}
] ,
"value" : "This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15, PAN-OS 10.0.11, PAN-OS 10.1.6, and all later PAN-OS versions."
}
] ,
"credits" : [
{
"lang" : "en" ,
"value" : "Palo Alto Networks thanks Wim Barthier and Frank Lycops for discovering and reporting this issue."
}
] ,
"impact" : {
"cvss" : [
{
"attackComplexity" : "LOW" ,
"attackVector" : "NETWORK" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 6.5 ,
"baseSeverity" : "MEDIUM" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "HIGH" ,
"privilegesRequired" : "HIGH" ,
"scope" : "UNCHANGED" ,
"userInteraction" : "NONE" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" ,
"version" : "3.1"
2022-10-27 19:01:13 +00:00
}
]
}
}
