mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
"-Synchronized-Data."
This commit is contained in:
parent
3fe27060f9
commit
15921d9636
@ -1,17 +1,237 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-0007",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@paloaltonetworks.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator\u2019s browser when viewed.\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": " CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
|
||||
"cweId": "CWE-80"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Palo Alto Networks",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PAN-OS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "10.0.7",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThan": "10.0.7",
|
||||
"status": "affected",
|
||||
"version": "10.0",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "9.1.16",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThan": "9.1.16",
|
||||
"status": "affected",
|
||||
"version": "9.1",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "9.0.17",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThan": "9.0.17",
|
||||
"status": "affected",
|
||||
"version": "9.0",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "8.1.25",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThan": "8.1.25",
|
||||
"status": "affected",
|
||||
"version": "8.1",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "10.1"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "10.2"
|
||||
},
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "11.0"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "unaffected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Prisma Access",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "All"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "unaffected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Cloud NGFW",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "All"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "unaffected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://security.paloaltonetworks.com/CVE-2023-0007",
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.paloaltonetworks.com/CVE-2023-0007"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"defect": [
|
||||
"PAN-166872"
|
||||
],
|
||||
"discovery": "EXTERNAL"
|
||||
},
|
||||
"work_around": [
|
||||
{
|
||||
"lang": "en",
|
||||
"supportingMedia": [
|
||||
{
|
||||
"base64": false,
|
||||
"type": "text/html",
|
||||
"value": "<span style=\"background-color: rgb(255, 255, 255);\">This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices\">https://docs.paloaltonetworks.com/best-practices</a><span style=\"background-color: rgb(255, 255, 255);\">.</span><br>"
|
||||
}
|
||||
],
|
||||
"value": "This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices https://docs.paloaltonetworks.com/best-practices .\n"
|
||||
}
|
||||
],
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "en",
|
||||
"supportingMedia": [
|
||||
{
|
||||
"base64": false,
|
||||
"type": "text/html",
|
||||
"value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"
|
||||
}
|
||||
],
|
||||
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n\n"
|
||||
}
|
||||
],
|
||||
"solution": [
|
||||
{
|
||||
"lang": "en",
|
||||
"supportingMedia": [
|
||||
{
|
||||
"base64": false,
|
||||
"type": "text/html",
|
||||
"value": "<span style=\"background-color: rgb(255, 255, 255);\">This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.7, and all later PAN-OS versions.</span><br>"
|
||||
}
|
||||
],
|
||||
"value": "This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.7, and all later PAN-OS versions.\n"
|
||||
}
|
||||
],
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Colin McQueen"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"privilegesRequired": "HIGH",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -1,17 +1,261 @@
|
||||
{
|
||||
"data_version": "4.0",
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2023-0008",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ASSIGNER": "psirt@paloaltonetworks.com",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with access to the web interface to export local files from the firewall through a race condition.\n\n"
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-73: External Control of File Name or Path",
|
||||
"cweId": "CWE-73"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"vendor_name": "Palo Alto Networks",
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "PAN-OS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "8.1.25",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThan": "8.1.25",
|
||||
"status": "affected",
|
||||
"version": "8.1",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "9.0.17",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThan": "9.0.17",
|
||||
"status": "affected",
|
||||
"version": "9.0",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "9.1.16",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThan": "9.1.16",
|
||||
"status": "affected",
|
||||
"version": "9.1",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "10.0.12",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThan": "10.0.12",
|
||||
"status": "affected",
|
||||
"version": "10.0",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "10.1.10",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThan": "10.1.10",
|
||||
"status": "affected",
|
||||
"version": "10.1",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "10.2.4",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThan": "10.2.4",
|
||||
"status": "affected",
|
||||
"version": "10.2",
|
||||
"versionType": "custom"
|
||||
},
|
||||
{
|
||||
"changes": [
|
||||
{
|
||||
"at": "11.0.1",
|
||||
"status": "unaffected"
|
||||
}
|
||||
],
|
||||
"lessThan": "11.0.1",
|
||||
"status": "affected",
|
||||
"version": "11.0",
|
||||
"versionType": "custom"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "unaffected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Prisma Access",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "All"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "unaffected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Cloud NGFW",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "not down converted",
|
||||
"x_cve_json_5_version_data": {
|
||||
"versions": [
|
||||
{
|
||||
"status": "unaffected",
|
||||
"version": "All"
|
||||
}
|
||||
],
|
||||
"defaultStatus": "unaffected"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://security.paloaltonetworks.com/CVE-2023-0008",
|
||||
"refsource": "MISC",
|
||||
"name": "https://security.paloaltonetworks.com/CVE-2023-0008"
|
||||
}
|
||||
]
|
||||
},
|
||||
"generator": {
|
||||
"engine": "Vulnogram 0.1.0-dev"
|
||||
},
|
||||
"source": {
|
||||
"defect": [
|
||||
"PAN-205063"
|
||||
],
|
||||
"discovery": "EXTERNAL"
|
||||
},
|
||||
"work_around": [
|
||||
{
|
||||
"lang": "en",
|
||||
"supportingMedia": [
|
||||
{
|
||||
"base64": false,
|
||||
"type": "text/html",
|
||||
"value": "<span style=\"background-color: rgb(255, 255, 255);\">This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/best-practices\">https://docs.paloaltonetworks.com/best-practices</a><span style=\"background-color: rgb(255, 255, 255);\">.</span><br>"
|
||||
}
|
||||
],
|
||||
"value": "This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices https://docs.paloaltonetworks.com/best-practices .\n"
|
||||
}
|
||||
],
|
||||
"exploit": [
|
||||
{
|
||||
"lang": "en",
|
||||
"supportingMedia": [
|
||||
{
|
||||
"base64": false,
|
||||
"type": "text/html",
|
||||
"value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"
|
||||
}
|
||||
],
|
||||
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n\n"
|
||||
}
|
||||
],
|
||||
"solution": [
|
||||
{
|
||||
"lang": "en",
|
||||
"supportingMedia": [
|
||||
{
|
||||
"base64": false,
|
||||
"type": "text/html",
|
||||
"value": "<span style=\"background-color: rgb(255, 255, 255);\">This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.10, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions.</span><br>"
|
||||
}
|
||||
],
|
||||
"value": "This issue is fixed in PAN-OS 8.1.25, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.12, PAN-OS 10.1.10, PAN-OS 10.2.4, PAN-OS 11.0.1, and all later PAN-OS versions.\n"
|
||||
}
|
||||
],
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Alex Hordijk"
|
||||
}
|
||||
],
|
||||
"impact": {
|
||||
"cvss": [
|
||||
{
|
||||
"attackComplexity": "HIGH",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.4,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "HIGH",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -109,6 +109,10 @@
|
||||
]
|
||||
},
|
||||
"credits": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Linkai Zheng"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NanoApe (VulDB User)"
|
||||
|
Loading…
x
Reference in New Issue
Block a user