mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
383 lines
16 KiB
JSON
383 lines
16 KiB
JSON
{
|
|
"id": "CVE-2025-0111",
|
|
"sourceIdentifier": "psirt@paloaltonetworks.com",
|
|
"published": "2025-02-12T21:15:16.793",
|
|
"lastModified": "2025-02-21T14:50:23.877",
|
|
"vulnStatus": "Analyzed",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the \u201cnobody\u201d user.\n\nYou can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\n\n\nThis issue does not affect Cloud NGFW or Prisma Access software."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una vulnerabilidad de lectura de archivos autenticados en el software PAN-OS de Palo Alto Networks permite que un atacante autenticado con acceso de red a la interfaz web de administraci\u00f3n lea archivos en el sistema de archivos PAN-OS que son legibles por el usuario \u201cnobody\u201d. Puede reducir en gran medida el riesgo de este problema al restringir el acceso a la interfaz web de administraci\u00f3n solo a direcciones IP internas de confianza de acuerdo con nuestras pautas de implementaci\u00f3n de mejores pr\u00e1cticas recomendadas https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431. Este problema no afecta al software Cloud NGFW ni a Prisma Access."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV40": [
|
|
{
|
|
"source": "psirt@paloaltonetworks.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "4.0",
|
|
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Red",
|
|
"baseScore": 7.1,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"attackRequirements": "NONE",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"vulnConfidentialityImpact": "HIGH",
|
|
"vulnIntegrityImpact": "NONE",
|
|
"vulnAvailabilityImpact": "NONE",
|
|
"subConfidentialityImpact": "NONE",
|
|
"subIntegrityImpact": "NONE",
|
|
"subAvailabilityImpact": "NONE",
|
|
"exploitMaturity": "NOT_DEFINED",
|
|
"confidentialityRequirement": "NOT_DEFINED",
|
|
"integrityRequirement": "NOT_DEFINED",
|
|
"availabilityRequirement": "NOT_DEFINED",
|
|
"modifiedAttackVector": "NOT_DEFINED",
|
|
"modifiedAttackComplexity": "NOT_DEFINED",
|
|
"modifiedAttackRequirements": "NOT_DEFINED",
|
|
"modifiedPrivilegesRequired": "NOT_DEFINED",
|
|
"modifiedUserInteraction": "NOT_DEFINED",
|
|
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
|
|
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
|
|
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
|
|
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
|
|
"modifiedSubIntegrityImpact": "NOT_DEFINED",
|
|
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
|
|
"Safety": "NOT_DEFINED",
|
|
"Automatable": "NO",
|
|
"Recovery": "USER",
|
|
"valueDensity": "CONCENTRATED",
|
|
"vulnerabilityResponseEffort": "MODERATE",
|
|
"providerUrgency": "RED"
|
|
}
|
|
}
|
|
],
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 3.6
|
|
}
|
|
]
|
|
},
|
|
"cisaExploitAdd": "2025-02-20",
|
|
"cisaActionDue": "2025-03-13",
|
|
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
|
|
"cisaVulnerabilityName": "Palo Alto Networks PAN-OS File Read Vulnerability",
|
|
"weaknesses": [
|
|
{
|
|
"source": "psirt@paloaltonetworks.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-73"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-610"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "10.1.0",
|
|
"versionEndExcluding": "10.1.14",
|
|
"matchCriteriaId": "19D52DC1-4441-4C88-B209-9B86FCC2162F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "10.2.0",
|
|
"versionEndExcluding": "10.2.7",
|
|
"matchCriteriaId": "243077CD-5021-4DF3-8AC7-5B14F7FD9710"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "10.2.10",
|
|
"versionEndExcluding": "10.2.12",
|
|
"matchCriteriaId": "F9BD5E2D-61D2-4872-ACD1-D5B442CC809D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.0.0",
|
|
"versionEndExcluding": "11.1.6",
|
|
"matchCriteriaId": "855047CA-ABFA-4F3D-AF98-245D14B75798"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "11.2.0",
|
|
"versionEndExcluding": "11.2.4",
|
|
"matchCriteriaId": "7E4D3A51-0A40-4B19-AAFC-A2484B1CF5D7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B41A7115-A370-49E1-B162-24803E6DD2CB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "65949A49-03A7-491C-B327-127F050AC4F6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E8ACB147-B4C1-4964-B538-EAA117CC6DC1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h6:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6643574D-C024-440C-9392-004B7FA4498F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:h8:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7422F37D-7ABA-4BEC-8448-45A8F585D6F9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A8C42D98-CF8F-456B-9D57-80BBDC2C8E74"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B3AAD4BA-22DD-43D3-91F1-8A6F5FBBF029"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AA4994CB-6591-4B44-A5D7-3CDF540B97DE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A6AB7874-FE24-42AC-8E3A-822A70722126"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*",
|
|
"matchCriteriaId": "34B083B9-CC1B-43CD-9A16-C018F7FA2DDB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0D88CC33-7E32-4E82-8A94-70759E910510"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h21:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FA91A4E9-CE1E-4CB8-B717-4B0E314C0171"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "776E06EC-2FDA-4664-AB43-9F6BE9B897CA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CBE09375-A863-42FF-813F-C20679D7C45C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1311961A-0EF6-488E-B0C2-EDBD508587C9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5D64390F-F870-4DBF-B0FE-BCDFE58C8685"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F70FC9DF-10C9-4AE5-B64B-3153E2E4E9E8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C3D6D552-6F33-496A-A505-5F59DF3B487B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D1ECD1DC-5A05-4E4F-97F5-136CE777FAB3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h18:*:*:*:*:*:*",
|
|
"matchCriteriaId": "347E5938-24FF-4C2C-B823-988D34706E24"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h19:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C889402F-138A-45B9-BBCF-91FD18A0B810"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CBA2B4FA-16C2-41B9-856D-EDC0CAF7A164"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E5E6A893-2994-40A3-AF35-8AF068B0DE42"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D814F3A3-5E9D-426D-A654-1346D9ECE9B3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8C7E9211-7041-4720-B4B9-3EA95D425263"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CEB258EE-2C6E-4A63-B04C-89C5F76B0878"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0F481B0E-2353-4AB0-8A98-B0EFBC409868"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3F7FC771-527F-4619-B785-6AE1F4722074"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h18:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CCC2A6DA-EB48-42CD-9234-A80C3F6AEFAE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h19:*:*:*:*:*:*",
|
|
"matchCriteriaId": "046874F8-7DA7-4E2A-99BF-509424E6CCBF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4E9EB9C6-78BA-4C66-A4BD-856BF27388CE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3D33A0FB-7538-42BF-84E8-7CCD7EEF9355"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FB95D77F-1263-4D47-A0BB-94A6DA937115"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8EA4C2A7-18CD-4232-B08C-99BEFE497A57"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "357B747E-F960-4AA9-8696-B3BD89933630"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.12:h4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1FDB3D90-6656-49C5-9852-1F987BAEF0F9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C2B871A6-0636-42A0-9573-6F693D7753AD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F1FC63B8-B8D9-4EC1-85CA-2E12B38ACD3E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.13:h2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "60CE628F-C4CB-4342-8D71-DE61A089B612"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.6:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "52C50A07-F4D8-4F1F-BA61-3429BB1721BE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C01AD190-F3C2-4349-A063-8C5C78B725B9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "30F4CD1C-6862-4279-8D2D-40B4D164222F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.2.4:h2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A52B7A7A-483A-4075-B1E9-5C14B66F7FC3"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://security.paloaltonetworks.com/CVE-2025-0111",
|
|
"source": "psirt@paloaltonetworks.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |