CVE-2023-0004 PAN-OS: Local File Deletion Vulnerability
Attack Vector: NETWORK
Scope: UNCHANGED
Attack Complexity: LOW
Confidentiality Impact: NONE
Privileges Required: HIGH
Integrity Impact: HIGH
User Interaction: NONE
Availability Impact: HIGH
Published: 2023-04-12
Updated: 2023-04-12
Reference: PAN-171625
Discovered: externally
Description
A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges.
These files can include logs and system components that impact the integrity and availability of PAN-OS software.
Product Status
Versions         Affected     Unaffected
Cloud NGFW       None         All
PAN-OS 11.0      None         All
PAN-OS 10.2      None         All
PAN-OS 10.1      < 10.1.6     >= 10.1.6
PAN-OS 10.0      < 10.0.11    >= 10.0.11
PAN-OS 9.1       < 9.1.15     >= 9.1.15
PAN-OS 9.0       < 9.0.17     >= 9.0.17
PAN-OS 8.1       < 8.1.24     >= 8.1.24
Prisma Access    None         All
Severity: MEDIUM
CVSSv3.1 Base Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type
CWE-703: Improper Check or Handling of Exceptional Conditions
Solution
This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15, PAN-OS 10.0.11, PAN-OS 10.1.6, and all later PAN-OS versions.
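An added example (not part of the advisory and not Palo Alto Networks code): a check that classifies device versions against the fixed releases listed above. The hostnames are constructed, and the optional "-hN" hotfix suffix is an assumption about version strings that the advisory does not cover.

```python
import re

# Fixed release per PAN-OS train, from the advisory's Product Status table.
# None means the advisory lists no affected versions for that train.
FIXED_IN = {
    "11.0": None, "10.2": None,
    "10.1": (10, 1, 6), "10.0": (10, 0, 11),
    "9.1": (9, 1, 15), "9.0": (9, 0, 17), "8.1": (8, 1, 24),
}

# Assumption: versions look like major.minor.maintenance with an optional
# "-hN" hotfix suffix. The suffix is ignored because every fix listed in the
# advisory is a base maintenance release.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")

def parse_version(text):
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(part) for part in m.groups())

def status(version_text):
    """Return 'affected', 'unaffected' or 'not-listed' for one version."""
    version = parse_version(version_text)
    train = f"{version[0]}.{version[1]}"
    if train not in FIXED_IN:
        return "not-listed"  # train does not appear in the advisory table
    fixed = FIXED_IN[train]
    # Compare as integer tuples: as strings, "10.0.9" would sort after "10.0.11".
    if fixed is None or version >= fixed:
        return "unaffected"
    return "affected"

def triage(inventory):
    """Map each host to a status; unparseable versions need manual review."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = status(version_text)
        except ValueError:
            result[host] = "needs-review"
    return result

if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are illustrative only.
    sample = {"fw-edge-1": "10.1.5-h2", "fw-core-1": "9.1.15", "fw-lab": "10.0.9"}
    for host, state in triage(sample).items():
        print(host, state)
```

Trains that the table does not list, such as anything older than 8.1, come back as "not-listed" rather than being guessed at.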
Acknowledgments
Palo Alto Networks thanks Wim Barthier and Frank Lycops for discovering and reporting this issue.
Timeline
2023-04-12 Initial publication