Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-6793: CVE-2023-6793 PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator

An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.

CVE
Open in Source
#vulnerability#js#auth

Palo Alto Networks Security Advisories / CVE-2023-6793

Urgency REDUCED

Response Effort LOW

Recovery USER

Value Density DIFFUSE

Attack Vector NETWORK

Attack Complexity LOW

Attack Requirements NONE

Automatable YES

User Interaction NONE

Product Confidentiality NONE

Product Integrity NONE

Product Availability LOW

Privileges Required HIGH

Subsequent Confidentiality NONE

Subsequent Integrity NONE

Subsequent Availability NONE

NVD JSON

Published 2023-12-13

Updated 2023-12-13

Reference PAN-220267 and PAN-220269

Discovered externally

Description

An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.

Product Status

Versions

Affected

Unaffected

Cloud NGFW

None

All

PAN-OS 11.1

None

All

PAN-OS 11.0

< 11.0.2

>= 11.0.2

PAN-OS 10.2

< 10.2.5

>= 10.2.5

PAN-OS 10.1

< 10.1.11

>= 10.1.11

PAN-OS 10.0

All

None

PAN-OS 9.1

< 9.1.17

>= 9.1.17

PAN-OS 9.0

< 9.0.17-h4

>= 9.0.17-h4

PAN-OS 8.1

None

All

Prisma Access

None

All

Required Configuration for Exposure

This issue is applicable only to PAN-OS configurations that have XML API access enabled.

You can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access

Severity: MEDIUM

CVSSv4.0 Base Score: 5.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Green)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-269 Improper Privilege Management

Solution

This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.

Workarounds and Mitigations

This issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.

Acknowledgments

Palo Alto Networks thanks an external reporter for discovering and reporting this issue.

Timeline

2023-12-13 Initial publication

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE