icsa-24-102-04
Vulnerability from csaf_cisa
Published: 2024-04-09 00:00
Modified: 2024-12-10 00:00
Summary: Siemens RUGGEDCOM APE1808
Notes
Summary
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities.
Siemens has released a new version of Palo Alto Networks Virtual NGFW for RUGGEDCOM APE1808 and recommends updating to the latest version. Customers are advised to consult and implement the workarounds provided in Palo Alto Networks' upstream security notifications.
[1] https://security.paloaltonetworks.com/
General Recommendations
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and following the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Communications, Critical Manufacturing, Transportation Systems
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{ document: { acknowledgments: [ { organization: "Siemens", summary: "reporting these vulnerabilities to CISA.", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities.\n\nSiemens has released a new version of Palo Alto Networks Virtual NGFW for RUGGEDCOM APE1808 and recommends to update to the latest version. Customers are advised to consult and implement the workarounds provided in Palo Alto Networks' upstream security notifications.\n\n[1] https://security.paloaltonetworks.com/", title: "Summary", }, { category: "general", text: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. 
In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", title: "General Recommendations", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "legal_disclaimer", text: "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.", title: "Terms of Use", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. 
For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "other", text: "This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.", title: "Advisory Conversion Disclaimer", }, { category: "other", text: "Communications, Critical Manufacturing, Transportation Systems", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.", title: "Recommended Practices", }, { category: "general", text: "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.", title: "Recommended Practices", }, { category: "general", text: "Locate control system networks and remote devices behind firewalls and isolate them from business networks.", title: "Recommended Practices", }, { category: "general", text: "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", title: "Recommended Practices", }, { category: "general", text: "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. 
Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", title: "Recommended Practices", }, { category: "general", text: "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, ], publisher: { category: "other", contact_details: "central@cisa.dhs.gov", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "self", summary: "SSA-455250: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.2-h3 - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-455250.json", }, { category: "self", summary: "SSA-455250: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.2-h3 - HTML Version", url: "https://cert-portal.siemens.com/productcert/html/ssa-455250.html", }, { category: "self", summary: "ICS Advisory ICSA-24-102-04 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-102-04.json", }, { category: "self", summary: "ICS Advisory ICSA-24-102-04 - Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-24-102-04", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", 
summary: "Recommended Practices", url: "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/topics/industrial-control-systems", }, { category: "external", summary: "Recommended Practices", url: "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B", }, ], title: "Siemens RUGGEDCOM APE1808", tracking: { current_release_date: "2024-12-10T00:00:00.000000Z", generator: { engine: { name: "CISA CSAF Generator", version: "1.0.0", }, }, id: "ICSA-24-102-04", initial_release_date: "2024-04-09T00:00:00.000000Z", revision_history: [ { date: "2024-04-09T00:00:00.000000Z", legacy_version: "1.0", number: "1", summary: "Publication Date", }, { date: "2024-05-14T00:00:00.000000Z", legacy_version: "1.1", number: "2", summary: "Added newly published upstream vulnerabilities: CVE-2017-8923, CVE-2017-9120, CVE-2020-25658, CVE-2021-21708, CVE-2021-43527, CVE-2022-1271, CVE-2022-31676, CVE-2022-3515, CVE-2022-37454, CVE-2022-47629, CVE-2023-0286, CVE-2024-3383, CVE-2024-3386, CVE-2024-3387, CVE-2024-3388, CVE-2024-3400", }, { date: "2024-07-09T00:00:00.000000Z", legacy_version: "1.2", number: "3", summary: "Added fix for RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW. 
Moved CVE-2023-48795 to SSA-364175", }, { date: "2024-09-10T00:00:00.000000Z", legacy_version: "1.3", number: "4", summary: "Added newly published upstream vulnerability CVE-2024-5916", }, { date: "2024-10-08T00:00:00.000000Z", legacy_version: "1.4", number: "5", summary: "Added newly published upstream vulnerability CVE-2024-8688", }, { date: "2024-12-10T00:00:00.000000Z", legacy_version: "1.5", number: "6", summary: "Added newly published upstream vulnerabilities CVE-2024-2551, CVE-2024-5918, CVE-2024-5919", }, ], status: "final", version: "6", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "RUGGEDCOM APE1808", product_id: "CSAFPID-0001", }, }, { category: "product_version_range", name: "vers:all/*", product: { name: "RUGGEDCOM APE1808", product_id: "CSAFPID-0002", }, }, ], category: "product_name", name: "RUGGEDCOM APE1808", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2017-8923", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. 
Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2017-8923", }, { cve: "CVE-2017-9120", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "summary", text: "PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2017-9120", }, { cve: "CVE-2020-25658", cwe: { id: "CWE-385", name: "Covert Timing Channel", }, notes: [ { category: "summary", text: "It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. 
Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2020-25658", }, { cve: "CVE-2021-21708", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-21708", }, { cve: "CVE-2021-43527", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. Note: This vulnerability does NOT impact Mozilla Firefox. 
However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-43527", }, { cve: "CVE-2022-1271", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. 
Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-1271", }, { cve: "CVE-2022-3515", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "summary", text: "A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3515", }, { cve: "CVE-2022-31676", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, notes: [ { category: "summary", text: "VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. 
Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-31676", }, { cve: "CVE-2022-37454", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "summary", text: "The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-37454", }, { cve: "CVE-2022-47629", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "summary", text: "Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. 
Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-47629", }, { cve: "CVE-2023-0286", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. 
Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-0286", }, { cve: "CVE-2023-6789", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "summary", text: "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-6789", }, { cve: "CVE-2023-6793", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, notes: [ { category: "summary", text: "An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. 
Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 2.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-6793", }, { cve: "CVE-2023-38802", cwe: { id: "CWE-754", name: "Improper Check for Unusual or Exceptional Conditions", }, notes: [ { category: "summary", text: "FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0002", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0002", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0002", ], }, ], title: "CVE-2023-38802", }, { cve: "CVE-2024-0008", cwe: { id: "CWE-613", name: "Insufficient Session Expiration", }, notes: [ { category: "summary", text: "Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. 
Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-0008", }, { cve: "CVE-2024-2551", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2024-2551", }, { cve: "CVE-2024-3383", cwe: { id: "CWE-282", name: "Improper Ownership Management", }, notes: [ { category: "summary", text: "A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. 
Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-3383", }, { cve: "CVE-2024-3386", cwe: { id: "CWE-436", name: "Interpretation Conflict", }, notes: [ { category: "summary", text: "An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-3386", }, { cve: "CVE-2024-3387", cwe: { id: "CWE-326", name: "Inadequate Encryption Strength", }, notes: [ { category: "summary", text: "A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. 
Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-3387", }, { cve: "CVE-2024-3388", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, notes: [ { category: "summary", text: "A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 4.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-3388", }, { cve: "CVE-2024-5916", cwe: { id: "CWE-312", name: "Cleartext Storage of Sensitive Information", }, notes: [ { category: "summary", text: "An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. 
Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-5916", }, { cve: "CVE-2024-5918", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "summary", text: "An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you \"Allow Authentication with User Credentials OR Client Certificate.\"", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2024-5918", }, { cve: "CVE-2024-5919", cwe: { id: "CWE-201", name: "Insertion of Sensitive Information Into Sent Data", }, notes: [ { category: "summary", text: "A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. 
This attack requires network access to the firewall management interface.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], scores: [ { cvss_v3: { baseScore: 3.8, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2024-5919", }, { cve: "CVE-2024-8688", cwe: { id: "CWE-155", name: "Improper Neutralization of Wildcards or Matching Symbols", }, notes: [ { category: "summary", text: "An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", ], }, remediations: [ { category: "vendor_fix", details: "Upgrade Palo Alto Networks Virtual NGFW V11.1.2-h3. Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2024-8688", }, ], }
cve-2023-0286
Vulnerability from cvelistv5
Published
2023-02-08 19:01
Modified
2025-03-20 20:52
Summary
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but
the public structure definition for GENERAL_NAME incorrectly specified the type
of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by
the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an
ASN1_STRING.
When CRL checking is enabled (i.e. the application sets the
X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass
arbitrary pointers to a memcmp call, enabling them to read memory contents or
enact a denial of service. In most cases, the attack requires the attacker to
provide both the certificate chain and CRL, neither of which need to have a
valid signature. If the attacker only controls one of these inputs, the other
input must already contain an X.400 address as a CRL distribution point, which
is uncommon. As such, this vulnerability is most likely to only affect
applications which have implemented their own functionality for retrieving CRLs
over a network.
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:02:44.187Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "OpenSSL Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.openssl.org/news/secadv/20230207.txt", }, { name: "3.0.8 git commit", tags: [ "patch", "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658", }, { name: "1.1.1t git commit", tags: [ "patch", "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9", }, { name: "1.0.2zg patch (premium)", tags: [ "patch", "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d", }, { tags: [ "x_transferred", ], url: "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig", }, { tags: [ "x_transferred", ], url: "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202402-08", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-0286", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-06T15:57:22.031399Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-843", description: "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')", lang: "en", type: "CWE", }, ], }, ], 
providerMetadata: { dateUpdated: "2025-03-20T20:52:26.649Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "OpenSSL", vendor: "OpenSSL", versions: [ { lessThan: "3.0.8", status: "affected", version: "3.0.0", versionType: "semver", }, { lessThan: "1.1.1t", status: "affected", version: "1.1.1", versionType: "custom", }, { lessThan: "1.0.2zg", status: "affected", version: "1.0.2", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "reporter", user: "00000000-0000-4000-9000-000000000000", value: "David Benjamin (Google)", }, { lang: "en", type: "remediation developer", user: "00000000-0000-4000-9000-000000000000", value: "Hugo Landau", }, ], datePublic: "2023-02-07T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "There is a type confusion vulnerability relating to X.400 address processing<br>inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but<br>the public structure definition for GENERAL_NAME incorrectly specified the type<br>of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by<br>the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an<br>ASN1_STRING.<br><br>When CRL checking is enabled (i.e. the application sets the<br>X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass<br>arbitrary pointers to a memcmp call, enabling them to read memory contents or<br>enact a denial of service. In most cases, the attack requires the attacker to<br>provide both the certificate chain and CRL, neither of which need to have a<br>valid signature. If the attacker only controls one of these inputs, the other<br>input must already contain an X.400 address as a CRL distribution point, which<br>is uncommon. 
As such, this vulnerability is most likely to only affect<br>applications which have implemented their own functionality for retrieving CRLs<br>over a network.<br><br>", }, ], value: "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. 
As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.", }, ], metrics: [ { format: "other", other: { content: { text: "High", }, type: "https://www.openssl.org/policies/secpolicy.html", }, }, ], problemTypes: [ { descriptions: [ { description: "type confusion vulnerability", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-04T09:06:58.565Z", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { name: "OpenSSL Advisory", tags: [ "vendor-advisory", ], url: "https://www.openssl.org/news/secadv/20230207.txt", }, { name: "3.0.8 git commit", tags: [ "patch", ], url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658", }, { name: "1.1.1t git commit", tags: [ "patch", ], url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9", }, { name: "1.0.2zg patch (premium)", tags: [ "patch", ], url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d", }, { url: "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig", }, { url: "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt", }, { url: "https://security.gentoo.org/glsa/202402-08", }, ], source: { discovery: "UNKNOWN", }, title: "X.400 address type confusion in X.509 GeneralName", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2023-0286", datePublished: "2023-02-08T19:01:50.514Z", dateReserved: "2023-01-13T10:40:41.259Z", dateUpdated: "2025-03-20T20:52:26.649Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38802
Vulnerability from cvelistv5
Published
2023-08-29 00:00
Modified
2024-10-02 14:46
Summary
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:54:38.498Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=37305800", }, { name: "DSA-5495", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5495", }, { name: "[debian-lts-announce] 20230919 [SECURITY] [DLA 3573-1] frr security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html", }, { name: "FEDORA-2023-514db5339e", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE/", }, { name: "FEDORA-2023-ce436d56f8", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO/", }, { name: "FEDORA-2023-61abba57d8", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38802", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-02T14:46:38.606959Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-02T14:46:51.117Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", 
value: "FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-15T05:07:02.171314", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling", }, { url: "https://news.ycombinator.com/item?id=37305800", }, { name: "DSA-5495", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5495", }, { name: "[debian-lts-announce] 20230919 [SECURITY] [DLA 3573-1] frr security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html", }, { name: "FEDORA-2023-514db5339e", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE/", }, { name: "FEDORA-2023-ce436d56f8", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO/", }, { name: "FEDORA-2023-61abba57d8", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-38802", datePublished: "2023-08-29T00:00:00", dateReserved: "2023-07-25T00:00:00", dateUpdated: "2024-10-02T14:46:51.117Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-8923
Vulnerability from cvelistv5
Published
2017-05-12 20:00
Modified
2024-12-27 16:02
Summary
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/98518 | vdb-entry, x_refsource_BID
https://bugs.php.net/bug.php?id=74577 | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-12-27T16:02:56.664Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "98518", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98518", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.php.net/bug.php?id=74577", }, { url: "https://security.netapp.com/advisory/ntap-20241227-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-05-12T00:00:00", descriptions: [ { lang: "en", value: "The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-24T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "98518", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98518", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.php.net/bug.php?id=74577", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-8923", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result 
in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "98518", refsource: "BID", url: "http://www.securityfocus.com/bid/98518", }, { name: "https://bugs.php.net/bug.php?id=74577", refsource: "MISC", url: "https://bugs.php.net/bug.php?id=74577", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-8923", datePublished: "2017-05-12T20:00:00", dateReserved: "2017-05-12T00:00:00", dateUpdated: "2024-12-27T16:02:56.664Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-43527
Vulnerability from cvelistv5
Published
2021-12-08 00:00
Modified
2024-08-04 03:55
Summary
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:55:29.297Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.mozilla.org/security/advisories/mfsa2021-51/", }, { tags: [ "x_transferred", ], url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1737470", }, { tags: [ "x_transferred", ], url: "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/", }, { tags: [ "x_transferred", ], url: "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211229-0002/", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf", }, { tags: [ "x_transferred", ], url: "https://www.starwindsoftware.com/security/sw-20220802-0001/", }, { name: "GLSA-202212-05", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202212-05", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NSS", vendor: "Mozilla", versions: [ { lessThan: "3.73", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "3.68.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \\#7, or PKCS \\#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. 
*Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.", }, ], problemTypes: [ { descriptions: [ { description: "Memory corruption via DER-encoded DSA and RSA-PSS signatures", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-19T00:00:00", orgId: "f16b083a-5664-49f3-a51e-8d479e5ed7fe", shortName: "mozilla", }, references: [ { url: "https://www.mozilla.org/security/advisories/mfsa2021-51/", }, { url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1737470", }, { url: "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/", }, { url: "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://security.netapp.com/advisory/ntap-20211229-0002/", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf", }, { url: "https://www.starwindsoftware.com/security/sw-20220802-0001/", }, { name: "GLSA-202212-05", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202212-05", }, ], }, }, cveMetadata: { assignerOrgId: "f16b083a-5664-49f3-a51e-8d479e5ed7fe", assignerShortName: "mozilla", cveId: "CVE-2021-43527", datePublished: "2021-12-08T00:00:00", dateReserved: "2021-11-08T00:00:00", dateUpdated: "2024-08-04T03:55:29.297Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-3388
Vulnerability from cvelistv5
Published
2024-04-10 17:06
Modified
2024-08-01 20:12
Summary
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.
Impacted products
Vendor | Product | Version
---|---|---
Palo Alto Networks | PAN-OS | 8.1.0 < 8.1.26; 9.0.0 < 9.0.17-h4; 9.1.0 < 9.1.17; 10.1.0 < 10.1.11-h4; 10.2.0 < 10.2.7-h3; 11.0.0 < 11.0.3
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-3388", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-15T14:39:04.465851Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:32:48.331Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:12:06.617Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.paloaltonetworks.com/CVE-2024-3388", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PAN-OS", vendor: "Palo Alto Networks", versions: [ { changes: [ { at: "8.1.26", status: "unaffected", }, ], lessThan: "8.1.26", status: "affected", version: "8.1.0", versionType: "custom", }, { changes: [ { at: "9.0.17-h4", status: "unaffected", }, ], lessThan: "9.0.17-h4", status: "affected", version: "9.0.0", versionType: "custom", }, { changes: [ { at: "9.1.17", status: "unaffected", }, ], lessThan: "9.1.17", status: "affected", version: "9.1.0", versionType: "custom", }, { changes: [ { at: "10.1.11-h4", status: "unaffected", }, ], lessThan: "10.1.11-h4", status: "affected", version: "10.1.0", versionType: "custom", }, { changes: [ { at: "10.2.7-h3", status: "unaffected", }, ], lessThan: "10.2.7-h3", status: "affected", version: "10.2.0", versionType: "custom", }, { changes: [ { at: "11.0.3", status: "unaffected", }, ], lessThan: "11.0.3", status: "affected", version: "11.0.0", versionType: "custom", }, { status: "unaffected", version: "11.1.0", }, ], }, { defaultStatus: "unaffected", product: "Cloud NGFW", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, { defaultStatus: "unaffected", product: "Prisma Access", vendor: "Palo Alto 
Networks", versions: [ { changes: [ { at: "10.2.4", status: "unaffected", }, ], lessThan: "10.2.4", status: "affected", version: "10.2", versionType: "custom", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "This issue applies only to PAN-OS firewall configurations with an enabled GlobalProtect gateway and where you are permitting use of the SSL VPN either as a fallback or as the only available tunnel mode. You should verify whether you have a configured GlobalProtect gateway by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways). You can also verify:\n- Whether SSL VPN fallback is permitted (check to see if the \"Disable Automatic Restoration of SSL VPN\" option is disabled in the GlobalProtect Gateway Configuration dialog by selecting Agent > Connection Settings) or;\n- Whether SSL VPN is the only available tunnel mode (check to see if \"Enable IPSec\" is disabled (unchecked) in the GlobalProtect Gateway Configuration dialog by selecting Agent > Tunnel Settings).\nBy default, both PAN-OS firewalls and Prisma Access use the SSL VPN only when the endpoint fails to successfully establish an IPSec tunnel.", }, ], value: "This issue applies only to PAN-OS firewall configurations with an enabled GlobalProtect gateway and where you are permitting use of the SSL VPN either as a fallback or as the only available tunnel mode. You should verify whether you have a configured GlobalProtect gateway by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways). 
You can also verify:\n- Whether SSL VPN fallback is permitted (check to see if the \"Disable Automatic Restoration of SSL VPN\" option is disabled in the GlobalProtect Gateway Configuration dialog by selecting Agent > Connection Settings) or;\n- Whether SSL VPN is the only available tunnel mode (check to see if \"Enable IPSec\" is disabled (unchecked) in the GlobalProtect Gateway Configuration dialog by selecting Agent > Tunnel Settings).\nBy default, both PAN-OS firewalls and Prisma Access use the SSL VPN only when the endpoint fails to successfully establish an IPSec tunnel.", }, ], credits: [ { lang: "en", type: "finder", value: "Palo Alto Networks thanks Ta-Lun Yen of TXOne Networks for discovering and reporting this issue.", }, ], datePublic: "2024-04-10T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.", }, ], value: "A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. 
However, this vulnerability does not allow the attacker to receive response packets from those internal assets.", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>", }, ], value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n", }, ], impacts: [ { capecId: "CAPEC-194", descriptions: [ { lang: "en", value: "CAPEC-194 Fake the Source of Data", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.1, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-10T17:06:40.685Z", orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", shortName: "palo_alto", }, references: [ { url: "https://security.paloaltonetworks.com/CVE-2024-3388", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11-h4, PAN-OS 10.2.7-h3, PAN-OS 11.0.3, and all later PAN-OS versions. This issue is fixed in Prisma Access 10.2.4 and later.<br>", }, ], value: "This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11-h4, PAN-OS 10.2.7-h3, PAN-OS 11.0.3, and all later PAN-OS versions. 
This issue is fixed in Prisma Access 10.2.4 and later.\n", }, ], source: { defect: [ "PAN-224964", ], discovery: "EXTERNAL", }, timeline: [ { lang: "en", time: "2024-04-10T16:00:00.000Z", value: "Initial publication", }, ], title: "PAN-OS: User Impersonation in GlobalProtect SSL VPN", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "You can enable the \"Disable Automatic Restoration of SSL VPN\" (Network > GlobalProtect Gateways > <gateway-config> > GlobalProtect Gateway Configuration > Agent > Connection Settings) on PAN-OS firewalls with the GlobalProtect feature enabled to mitigate this vulnerability.<br>", }, ], value: "You can enable the \"Disable Automatic Restoration of SSL VPN\" (Network > GlobalProtect Gateways > > GlobalProtect Gateway Configuration > Agent > Connection Settings) on PAN-OS firewalls with the GlobalProtect feature enabled to mitigate this vulnerability.\n", }, ], x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", assignerShortName: "palo_alto", cveId: "CVE-2024-3388", datePublished: "2024-04-10T17:06:40.685Z", dateReserved: "2024-04-05T17:40:20.687Z", dateUpdated: "2024-08-01T20:12:06.617Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-47629
Vulnerability from cvelistv5
Published
2022-12-20 00:00
Modified
2024-08-03 15:02
Summary
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:02:35.911Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070", }, { tags: [ "x_transferred", ], url: "https://dev.gnupg.org/T6284", }, { name: "DSA-5305", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5305", }, { name: "[debian-lts-announce] 20221224 [SECURITY] [DLA 3248-1] libksba security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html", }, { name: "GLSA-202212-07", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202212-07", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230316-0011/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-16T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070", }, { url: "https://dev.gnupg.org/T6284", }, { name: "DSA-5305", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5305", }, { name: "[debian-lts-announce] 20221224 [SECURITY] [DLA 3248-1] libksba security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html", }, { name: "GLSA-202212-07", tags: [ 
"vendor-advisory", ], url: "https://security.gentoo.org/glsa/202212-07", }, { url: "https://security.netapp.com/advisory/ntap-20230316-0011/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-47629", datePublished: "2022-12-20T00:00:00", dateReserved: "2022-12-20T00:00:00", dateUpdated: "2024-08-03T15:02:35.911Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-0008
Vulnerability from cvelistv5
Published
2024-02-14 17:32
Modified
2025-03-24 19:06
Summary
Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.
References
Impacted products
Vendor | Product | Version
---|---|---
Palo Alto Networks | PAN-OS | Version: 9.0 < 9.0.17-h2; Version: 9.0 < 9.0.18; Version: 9.1 < 9.1.17; Version: 10.0 < 10.0.12-h1; Version: 10.0 < 10.0.13; Version: 10.1 < 10.1.10-h1; Version: 10.1 < 10.1.11; Version: 10.2 < 10.2.5; Version: 11.0 < 11.0.2; Patch: 11.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T17:41:15.529Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.paloaltonetworks.com/CVE-2024-0008", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-0008", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-15T16:01:38.595257Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-24T19:06:50.475Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PAN-OS", vendor: "Palo Alto Networks", versions: [ { changes: [ { at: "9.0.17-h2", status: "unaffected", }, ], lessThan: "9.0.17-h2", status: "affected", version: "9.0", versionType: "custom", }, { changes: [ { at: "9.0.18", status: "unaffected", }, ], lessThan: "9.0.18", status: "affected", version: "9.0", versionType: "custom", }, { changes: [ { at: "9.1.17", status: "unaffected", }, ], lessThan: "9.1.17", status: "affected", version: "9.1", versionType: "custom", }, { changes: [ { at: "10.0.12-h1", status: "unaffected", }, ], lessThan: "10.0.12-h1", status: "affected", version: "10.0", versionType: "custom", }, { changes: [ { at: "10.0.13", status: "unaffected", }, ], lessThan: "10.0.13", status: "affected", version: "10.0", versionType: "custom", }, { changes: [ { at: "10.1.10-h1", status: "unaffected", }, ], lessThan: "10.1.10-h1", status: "affected", version: "10.1", versionType: "custom", }, { changes: [ { at: "10.1.11", status: "unaffected", }, ], lessThan: "10.1.11", status: "affected", version: "10.1", versionType: "custom", }, { changes: [ { at: "10.2.5", status: "unaffected", }, ], lessThan: "10.2.5", status: "affected", version: "10.2", versionType: "custom", }, { 
changes: [ { at: "11.0.2", status: "unaffected", }, ], lessThan: "11.0.2", status: "affected", version: "11.0", versionType: "custom", }, { lessThan: "All", status: "unaffected", version: "11.1", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Prisma Access", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, { defaultStatus: "unaffected", product: "Cloud NGFW", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Palo Alto Networks thanks Brian Yaklin for discovering and reporting this issue.", }, ], datePublic: "2024-02-14T17:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.", }, ], value: "Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>", }, ], value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-613", description: "CWE-613 Insufficient Session Expiration", lang: "en", type: "CWE", }, ], }, ], 
providerMetadata: { dateUpdated: "2024-02-14T17:32:17.611Z", orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", shortName: "palo_alto", }, references: [ { url: "https://security.paloaltonetworks.com/CVE-2024-0008", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "This issue is fixed in PAN-OS 9.0.17-h2, PAN-OS 9.1.17, PAN-OS 10.0.12-h1, PAN-OS 10.1.10-h1, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.", }, ], value: "This issue is fixed in PAN-OS 9.0.17-h2, PAN-OS 9.1.17, PAN-OS 10.0.12-h1, PAN-OS 10.1.10-h1, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.", }, ], source: { defect: [ "PAN-211664", ], discovery: "EXTERNAL", }, timeline: [ { lang: "en", time: "2024-02-14T17:00:00.000Z", value: "Initial publication", }, ], title: "PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Ensure that inactivity-based screen locks are enforced on endpoints with access to the PAN-OS web interface.", }, ], value: "Ensure that inactivity-based screen locks are enforced on endpoints with access to the PAN-OS web interface.", }, ], x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", assignerShortName: "palo_alto", cveId: "CVE-2024-0008", datePublished: "2024-02-14T17:32:17.611Z", dateReserved: "2023-11-09T18:56:05.666Z", dateUpdated: "2025-03-24T19:06:50.475Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-25658
Vulnerability from cvelistv5
Published
2020-11-12 13:48
Modified
2024-08-04 15:40
Summary
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
References
URL | Tags
---|---
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658 | x_refsource_CONFIRM
https://github.com/sybrenstuvel/python-rsa/issues/165 | x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/ | vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/ | vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/ | vendor-advisory, x_refsource_FEDORA
Impacted products
Vendor | Product | Version
---|---|---
Sybren A. Stüvel | python-rsa | Version: after 3.0 (inclusive)
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:40:36.903Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/sybrenstuvel/python-rsa/issues/165", }, { name: "FEDORA-2021-783a157adc", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/", }, { name: "FEDORA-2021-c1fef03e71", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/", }, { name: "FEDORA-2021-15e50503d6", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "python-rsa", vendor: "Sybren A. Stüvel", versions: [ { status: "affected", version: "after 3.0 (inclusive)", }, ], }, ], descriptions: [ { lang: "en", value: "It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. 
An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-385", description: "CWE-385", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-25T00:07:41", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/sybrenstuvel/python-rsa/issues/165", }, { name: "FEDORA-2021-783a157adc", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/", }, { name: "FEDORA-2021-c1fef03e71", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/", }, { name: "FEDORA-2021-15e50503d6", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-25658", datePublished: "2020-11-12T13:48:31", dateReserved: "2020-09-16T00:00:00", dateUpdated: "2024-08-04T15:40:36.903Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-6789
Vulnerability from cvelistv5
Published
2023-12-13 18:26
Modified
2024-08-02 08:42
Summary
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.
References
Impacted products
Vendor | Product | Version
---|---|---
Palo Alto Networks | PAN-OS | Version: 8.1 < 8.1.26; Version: 9.0 < 9.0.17-h4; Version: 9.1 < 9.1.17; Version: 10.0 <; Version: 10.1 < 10.1.11; Version: 10.2 < 10.2.5; Version: 11.0 < 11.0.2; Patch: 11.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:42:07.423Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.paloaltonetworks.com/CVE-2023-6789", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PAN-OS", vendor: "Palo Alto Networks", versions: [ { changes: [ { at: "8.1.26", status: "unaffected", }, ], lessThan: "8.1.26", status: "affected", version: "8.1", versionType: "custom", }, { changes: [ { at: "9.0.17-h4", status: "unaffected", }, ], lessThan: "9.0.17-h4", status: "affected", version: "9.0", versionType: "custom", }, { changes: [ { at: "9.1.17", status: "unaffected", }, ], lessThan: "9.1.17", status: "affected", version: "9.1", versionType: "custom", }, { lessThanOrEqual: "All", status: "affected", version: "10.0", versionType: "custom", }, { changes: [ { at: "10.1.11", status: "unaffected", }, ], lessThan: "10.1.11", status: "affected", version: "10.1", versionType: "custom", }, { changes: [ { at: "10.2.5", status: "unaffected", }, ], lessThan: "10.2.5", status: "affected", version: "10.2", versionType: "custom", }, { changes: [ { at: "11.0.2", status: "unaffected", }, ], lessThan: "11.0.2", status: "affected", version: "11.0", versionType: "custom", }, { lessThan: "All", status: "unaffected", version: "11.1", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Prisma Access", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, { defaultStatus: "unaffected", product: "Cloud NGFW", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Palo Alto Networks thanks Md Sameull Islam of Beetles Cyber Security LTD, Kajetan Rostojek, and an external reporter for discovering and reporting this issue.", }, ], datePublic: "2023-12-13T17:00:00.000Z", 
descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.", }, ], value: "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-13T18:26:30.524Z", orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", shortName: "palo_alto", }, references: [ { url: "https://security.paloaltonetworks.com/CVE-2023-6789", }, 
], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.", }, ], value: "This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.", }, ], source: { discovery: "EXTERNAL", }, timeline: [ { lang: "en", time: "2023-12-13T17:00:00.000Z", value: "Initial publication", }, ], title: "PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.", }, ], value: "This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.", }, ], x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", assignerShortName: "palo_alto", cveId: "CVE-2023-6789", datePublished: "2023-12-13T18:26:30.524Z", dateReserved: "2023-12-13T17:27:23.165Z", dateUpdated: "2024-08-02T08:42:07.423Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-3386
Vulnerability from cvelistv5
Published
2024-04-10 17:06
Modified
2024-08-01 20:12
Summary
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.
References
Impacted products
Vendor | Product | Version
---|---|---
Palo Alto Networks | PAN-OS | Version: 9.0.0 < 9.0.17-h2; Version: 9.1.0 < 9.1.17; Version: 10.0.0 < 10.0.13; Version: 10.1.0 < 10.1.9-h3; Version: 10.1.0 < 10.1.10; Version: 10.2.0 < 10.2.4-h2; Version: 10.2.0 < 10.2.5; Version: 11.0.0 < 11.0.1-h2; Version: 11.0.0 < 11.0.2
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:palo_alto_networks:cloud_ngfw:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cloud_ngfw", vendor: "palo_alto_networks", versions: [ { lessThan: "*", status: "unaffected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "prisma_access", vendor: "palo_alto_networks", versions: [ { lessThan: "*", status: "unaffected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "pan-os", vendor: "palo_alto_networks", versions: [ { lessThan: "9.0.17-h2", status: "affected", version: "9.0.0", versionType: "custom", }, { lessThan: "9.1.17", status: "affected", version: "9.1.0", versionType: "custom", }, { lessThan: "10.0.13", status: "affected", version: "10.0.00", versionType: "custom", }, { lessThan: "10.1.9-h3", status: "affected", version: "10.1.0", versionType: "custom", }, { lessThan: "10.1.10", status: "affected", version: "10.1.0", versionType: "custom", }, { lessThan: "10.2.4-h2", status: "affected", version: "10.2.0", versionType: "custom", }, { lessThan: "10.2.5", status: "affected", version: "10.2.0", versionType: "custom", }, { lessThan: "11.0.1-h2", status: "affected", version: "11.0.0", versionType: "custom", }, { lessThan: "11.0.2", status: "affected", version: "11.0.0", versionType: "custom", }, { status: "affected", version: "11.1.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-3386", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:11:36.523628Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-07T15:13:59.508Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: 
{ dateUpdated: "2024-08-01T20:12:06.667Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.paloaltonetworks.com/CVE-2024-3386", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PAN-OS", vendor: "Palo Alto Networks", versions: [ { changes: [ { at: "9.0.17-h2", status: "unaffected", }, ], lessThan: "9.0.17-h2", status: "affected", version: "9.0.0", versionType: "custom", }, { changes: [ { at: "9.1.17", status: "unaffected", }, ], lessThan: "9.1.17", status: "affected", version: "9.1.0", versionType: "custom", }, { changes: [ { at: "10.0.13", status: "unaffected", }, ], lessThan: "10.0.13", status: "affected", version: "10.0.0", versionType: "custom", }, { changes: [ { at: "10.1.9-h3", status: "unaffected", }, ], lessThan: "10.1.9-h3", status: "affected", version: "10.1.0", versionType: "custom", }, { changes: [ { at: "10.1.10", status: "unaffected", }, ], lessThan: "10.1.10", status: "affected", version: "10.1.0", versionType: "custom", }, { changes: [ { at: "10.2.4-h2", status: "unaffected", }, ], lessThan: "10.2.4-h2", status: "affected", version: "10.2.0", versionType: "custom", }, { changes: [ { at: "10.2.5", status: "unaffected", }, ], lessThan: "10.2.5", status: "affected", version: "10.2.0", versionType: "custom", }, { changes: [ { at: "11.0.1-h2", status: "unaffected", }, ], lessThan: "11.0.1-h2", status: "affected", version: "11.0.0", versionType: "custom", }, { changes: [ { at: "11.0.2", status: "unaffected", }, ], lessThan: "11.0.2", status: "affected", version: "11.0.0", versionType: "custom", }, { status: "unaffected", version: "11.1.0", }, ], }, { defaultStatus: "unaffected", product: "Cloud NGFW", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, { defaultStatus: "unaffected", product: "Prisma Access", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", 
version: "All", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "You must configure Predefined Decryption Exclusions on your PAN-OS firewalls. You should check to see whether you have any configured exclusions in your firewall web interface (Device > Certificate Management > SSL Decryption Exclusions).", }, ], value: "You must configure Predefined Decryption Exclusions on your PAN-OS firewalls. You should check to see whether you have any configured exclusions in your firewall web interface (Device > Certificate Management > SSL Decryption Exclusions).", }, ], credits: [ { lang: "en", type: "finder", value: "Palo Alto Networks thanks Frederic De Vlieger for discovering and reporting this issue.", }, ], datePublic: "2024-04-10T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.", }, ], value: "An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. 
This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>", }, ], value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n", }, ], impacts: [ { capecId: "CAPEC-148", descriptions: [ { lang: "en", value: "CAPEC-148 Content Spoofing", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-436", description: "CWE-436 Interpretation Conflict", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-10T17:06:32.694Z", orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", shortName: "palo_alto", }, references: [ { url: "https://security.paloaltonetworks.com/CVE-2024-3386", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "This issue is fixed in 9.0.17-h2, 9.0.18, 9.1.17, 10.0.13, 10.1.9-h3, 10.1.10, 10.2.4-h2, 10.2.5, 11.0.1-h2, 11.0.2, 11.1.0 and all later PAN-OS versions.<br>", }, ], value: "This issue is fixed in 9.0.17-h2, 9.0.18, 9.1.17, 10.0.13, 10.1.9-h3, 10.1.10, 10.2.4-h2, 10.2.5, 11.0.1-h2, 11.0.2, 11.1.0 and all later PAN-OS versions.\n", }, ], source: { defect: [ "PAN-208155", ], discovery: "EXTERNAL", }, timeline: [ { lang: "en", time: "2024-04-10T16:00:00.000Z", value: "Initial publication", }, ], title: "PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended", 
x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", assignerShortName: "palo_alto", cveId: "CVE-2024-3386", datePublished: "2024-04-10T17:06:32.694Z", dateReserved: "2024-04-05T17:40:19.116Z", dateUpdated: "2024-08-01T20:12:06.667Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8688
Vulnerability from cvelistv5
Published
2024-09-11 16:40
Modified
2024-09-11 18:24
Summary
An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to read arbitrary files on the firewall.
References
Impacted products
Vendor | Product | Version
---|---|---
Palo Alto Networks | PAN-OS | Version: 9.1.0 < 9.1.15; Version: 10.0.0 < 10.0.10; Version: 10.1.0 < 10.1.1
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-8688", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-11T18:23:35.134977Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-11T18:24:45.419Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PAN-OS", vendor: "Palo Alto Networks", versions: [ { changes: [ { at: "9.1.15", status: "unaffected", }, ], lessThan: "9.1.15", status: "affected", version: "9.1.0", versionType: "custom", }, { changes: [ { at: "10.0.10", status: "unaffected", }, ], lessThan: "10.0.10", status: "affected", version: "10.0.0", versionType: "custom", }, { changes: [ { at: "10.1.1", status: "unaffected", }, ], lessThan: "10.1.1", status: "affected", version: "10.1.0", versionType: "custom", }, { status: "unaffected", version: "10.2.0", }, { status: "unaffected", version: "11.0.0", }, { status: "unaffected", version: "11.1.0", }, { status: "unaffected", version: "11.2.0", }, ], }, { defaultStatus: "unaffected", product: "Cloud NGFW", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, { defaultStatus: "unaffected", product: "Prisma Access", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Matei \"Mal\" Badanoiu of Deloitte", }, { lang: "en", type: "finder", value: "Martin Smid of Palo Alto Networks", }, ], datePublic: "2024-09-11T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access 
to the CLI to to read arbitrary files on the firewall.", }, ], value: "An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to to read arbitrary files on the firewall.", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>", }, ], value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], impacts: [ { capecId: "CAPEC-6", descriptions: [ { lang: "en", value: "CAPEC-6 Argument Injection", }, ], }, ], metrics: [ { cvssV4_0: { Automatable: "NO", Recovery: "USER", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "LOCAL", baseScore: 6.7, baseSeverity: "MEDIUM", privilegesRequired: "HIGH", providerUrgency: "AMBER", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "CONCENTRATED", vectorString: "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "MODERATE", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-155", description: "CWE-155 Improper Neutralization of Wildcards or Matching Symbols", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-11T16:48:22.674Z", orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", shortName: "palo_alto", }, references: [ { url: "https://security.paloaltonetworks.com/CVE-2024-8688", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "This issue is fixed in PAN-OS 9.1.15, PAN-OS 10.0.10, 
PAN-OS 10.1.1, and all later PAN-OS versions.<br>", }, ], value: "This issue is fixed in PAN-OS 9.1.15, PAN-OS 10.0.10, PAN-OS 10.1.1, and all later PAN-OS versions.", }, ], source: { defect: [ "PAN-151792", "PAN-82874", ], discovery: "EXTERNAL", }, timeline: [ { lang: "en", time: "2024-09-11T16:00:00.000Z", value: "Initial publication", }, ], title: "PAN-OS: Arbitrary File Read Vulnerability in the Command Line Interface (CLI)", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", assignerShortName: "palo_alto", cveId: "CVE-2024-8688", datePublished: "2024-09-11T16:40:50.806Z", dateReserved: "2024-09-11T08:21:13.753Z", dateUpdated: "2024-09-11T18:24:45.419Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-3383
Vulnerability from cvelistv5
Published
2024-04-10 17:06
Modified
2024-08-09 20:22
Summary
A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Palo Alto Networks | PAN-OS | 11.0.0 < 11.0.3; 10.2.0 < 10.2.5; 10.1.0 < 10.1.11 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T20:12:06.566Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.paloaltonetworks.com/CVE-2024-3383", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-3383", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-09T20:22:10.488052Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-09T20:22:18.991Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PAN-OS", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "11.1.0", }, { changes: [ { at: "11.0.3", status: "unaffected", }, ], lessThan: "11.0.3", status: "affected", version: "11.0.0", versionType: "custom", }, { changes: [ { at: "10.2.5", status: "unaffected", }, ], lessThan: "10.2.5", status: "affected", version: "10.2.0", versionType: "custom", }, { changes: [ { at: "10.1.11", status: "unaffected", }, ], lessThan: "10.1.11", status: "affected", version: "10.1.0", versionType: "custom", }, { status: "unaffected", version: "9.1.0", }, { status: "unaffected", version: "9.0.0", }, ], }, { defaultStatus: "unaffected", product: "Cloud NGFW", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, { defaultStatus: "unaffected", product: "Prisma Access", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "This issue applies only to PAN-OS firewall configurations with Cloud Identity Engine (CIE) enabled. 
You should verify whether CIE is configured on your firewall web interface (Device > User Identification > Cloud Identity Engine).", }, ], value: "This issue applies only to PAN-OS firewall configurations with Cloud Identity Engine (CIE) enabled. You should verify whether CIE is configured on your firewall web interface (Device > User Identification > Cloud Identity Engine).", }, ], credits: [ { lang: "en", type: "finder", value: "Palo Alto Networks thanks Rodgers Moore, CCIE# 8153 of Insight.com, for discovering and reporting this issue.", }, ], datePublic: "2024-04-10T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.", }, ], value: "A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. 
This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>", }, ], value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n", }, ], impacts: [ { capecId: "CAPEC-271", descriptions: [ { lang: "en", value: "CAPEC-271 Schema Poisoning", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-282", description: "CWE-282: Improper Ownership Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-10T17:06:15.823Z", orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", shortName: "palo_alto", }, references: [ { url: "https://security.paloaltonetworks.com/CVE-2024-3383", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.3, and all later PAN-OS versions.<br>", }, ], value: "This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.3, and all later PAN-OS versions.\n", }, ], source: { defect: [ "PAN-211764", "PAN-218522", ], discovery: "USER", }, timeline: [ { lang: "en", time: "2024-04-10T16:00:00.000Z", value: "Initial publication", }, ], title: "PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE)", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, 
cveMetadata: { assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", assignerShortName: "palo_alto", cveId: "CVE-2024-3383", datePublished: "2024-04-10T17:06:15.823Z", dateReserved: "2024-04-05T17:40:16.359Z", dateUpdated: "2024-08-09T20:22:18.991Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3515
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2024-08-03 01:14
Summary
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:14:02.956Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135610", }, { tags: [ "x_transferred", ], url: "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html", }, { tags: [ "x_transferred", ], url: "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2022-3515", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230706-0008/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "libksba", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in libksba v1.6.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190 - Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-06T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135610", }, { url: "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html", }, { url: "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b", }, { url: "https://access.redhat.com/security/cve/CVE-2022-3515", }, { url: "https://security.netapp.com/advisory/ntap-20230706-0008/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-3515", datePublished: "2023-01-12T00:00:00", dateReserved: 
"2022-10-14T00:00:00", dateUpdated: "2024-08-03T01:14:02.956Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-3387
Vulnerability from cvelistv5
Published
2024-04-10 17:06
Modified
2024-08-01 20:12
Summary
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Palo Alto Networks | PAN-OS | 10.1.0 < 10.1.12; 10.2.0 < 10.2.7-h3; 10.2.0 < 10.2.8; 11.0.0 < 11.0.4 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "pan-os", vendor: "paloaltonetworks", versions: [ { status: "affected", version: "10.2.2", }, ], }, { cpes: [ "cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "pan-os", vendor: "paloaltonetworks", versions: [ { status: "affected", version: "10.1.0", }, ], }, { cpes: [ "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "pan-os", vendor: "paloaltonetworks", versions: [ { status: "affected", version: "11.0.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-3387", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-19T19:33:54.917377Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:31:52.758Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:12:06.646Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.paloaltonetworks.com/CVE-2024-3387", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PAN-OS", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "9.0.0", }, { status: "unaffected", version: "9.1.0", }, { changes: [ { at: "10.1.12", status: "unaffected", }, ], lessThan: "10.1.12", status: "affected", version: "10.1.0", versionType: "custom", }, { changes: [ { at: "10.2.7-h3", status: "unaffected", }, ], lessThan: "10.2.7-h3", status: "affected", version: "10.2.0", versionType: "custom", }, { changes: [ { at: "10.2.8", status: "unaffected", }, ], lessThan: "10.2.8", status: "affected", version: "10.2.0", versionType: 
"custom", }, { changes: [ { at: "11.0.4", status: "unaffected", }, ], lessThan: "11.0.4", status: "affected", version: "11.0.0", versionType: "custom", }, { status: "unaffected", version: "11.1.0", }, ], }, { defaultStatus: "unaffected", product: "Cloud NGFW", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, { defaultStatus: "unaffected", product: "Prisma Access", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Palo Alto Networks thanks one of our customers for discovering and reporting this issue.", }, ], datePublic: "2024-04-10T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.", }, ], value: "A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. 
With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>", }, ], value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n", }, ], impacts: [ { capecId: "CAPEC-20", descriptions: [ { lang: "en", value: "CAPEC-20 Encryption Brute Forcing", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-326", description: "CWE-326 Inadequate Encryption Strength", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-10T17:06:36.676Z", orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", shortName: "palo_alto", }, references: [ { url: "https://security.paloaltonetworks.com/CVE-2024-3387", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "This issue is fixed in PAN-OS 10.1.12, PAN-OS 10.2.7-h3, PAN-OS 10.2.8, PAN-OS 11.0.4, and all later PAN-OS versions.<br>", }, ], value: "This issue is fixed in PAN-OS 10.1.12, PAN-OS 10.2.7-h3, PAN-OS 10.2.8, PAN-OS 11.0.4, and all later PAN-OS versions.\n", }, ], source: { defect: [ "PAN-200047", ], discovery: "USER", }, timeline: [ { lang: "en", time: "2024-04-10T16:00:00.000Z", value: "Initial publication", }, ], title: "PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure", 
x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", assignerShortName: "palo_alto", cveId: "CVE-2024-3387", datePublished: "2024-04-10T17:06:36.676Z", dateReserved: "2024-04-05T17:40:19.884Z", dateUpdated: "2024-08-01T20:12:06.646Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-9120
Vulnerability from cvelistv5
Published
2018-08-02 15:00
Modified
2024-08-05 16:55
Summary
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
References
URL | Tags |
---|---|
https://security.netapp.com/advisory/ntap-20181107-0003/ | x_refsource_CONFIRM |
https://bugs.php.net/bug.php?id=74544 | x_refsource_MISC |
https://access.redhat.com/errata/RHSA-2019:2519 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:55:22.232Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20181107-0003/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.php.net/bug.php?id=74544", }, { name: "RHSA-2019:2519", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2519", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-08-02T00:00:00", descriptions: [ { lang: "en", value: "PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-19T10:06:07", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20181107-0003/", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.php.net/bug.php?id=74544", }, { name: "RHSA-2019:2519", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2519", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-9120", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "PHP 7.x 
through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://security.netapp.com/advisory/ntap-20181107-0003/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20181107-0003/", }, { name: "https://bugs.php.net/bug.php?id=74544", refsource: "MISC", url: "https://bugs.php.net/bug.php?id=74544", }, { name: "RHSA-2019:2519", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2519", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-9120", datePublished: "2018-08-02T15:00:00", dateReserved: "2017-05-21T00:00:00", dateUpdated: "2024-08-05T16:55:22.232Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5918
Vulnerability from cvelistv5
Published
2024-11-14 09:38
Modified
2024-11-14 19:35
Summary
An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate."
References
URL | Tags |
---|---|
https://security.paloaltonetworks.com/CVE-2024-5918 | vendor-advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
Palo Alto Networks | Cloud NGFW | |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-5918", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-14T18:58:52.114662Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-14T19:35:53.159Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cloud NGFW", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, { defaultStatus: "unaffected", product: "PAN-OS", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "11.2.0", }, { status: "unaffected", version: "11.1.0", }, { changes: [ { at: "11.0.3", status: "unaffected", }, ], lessThan: "11.0.3", status: "affected", version: "11.0.0", versionType: "custom", }, { changes: [ { at: "10.2.4-h5", status: "unaffected", }, ], lessThan: "10.2.4-h5", status: "affected", version: "10.2.0", versionType: "custom", }, { changes: [ { at: "10.1.11", status: "unaffected", }, ], lessThan: "10.1.11", status: "affected", version: "10.1.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Prisma Access", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>This issue impacts only firewalls on which you configured a GlobalProtect portal or GlobalProtect gateway to use Client Certificate Authentication and you set the \"Allow Authentication with User Credentials OR Client Certificate\" option to \"Yes\".</p><p>You can verify whether you configured GlobalProtect portal or gateway by checking for entries in your
firewall web interface (Network → GlobalProtect → Portals or Network → GlobalProtect → Gateways).</p><p>If you do have GlobalProtect portals or gateways in your configuration, then you can verify whether you configured Client Certificate Authentication on these portals and gateways by checking your firewall web interface (Network → GlobalProtect → Portals → (portal-config) → Authentication or Network → GlobalProtect → Gateways → (gateway-config) → Authentication).</p>", }, ], value: "This issue impacts only firewalls on which you configured a GlobalProtect portal or GlobalProtect gateway to use Client Certificate Authentication and you set the \"Allow Authentication with User Credentials OR Client Certificate\" option to \"Yes\".\n\nYou can verify whether you configured GlobalProtect portal or gateway by checking for entries in your firewall web interface (Network → GlobalProtect → Portals or Network → GlobalProtect → Gateways).\n\nIf you do have GlobalProtect portals or gateways in your configuration, then you can verify whether you configured Client Certificate Authentication on these portals and gateways by checking your firewall web interface (Network → GlobalProtect → Portals → (portal-config) → Authentication or Network → GlobalProtect → Gateways → (gateway-config) → Authentication).", }, ], datePublic: "2024-11-13T18:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. 
This attack is possible only if you \"Allow Authentication with User Credentials OR Client Certificate.\"", }, ], value: "An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you \"Allow Authentication with User Credentials OR Client Certificate.\"", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], impacts: [ { capecId: "CAPEC-151", descriptions: [ { lang: "en", value: "CAPEC-151 Identity Spoofing", }, ], }, ], metrics: [ { cvssV4_0: { Automatable: "NO", Recovery: "AUTOMATIC", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 5.3, baseSeverity: "MEDIUM", privilegesRequired: "LOW", providerUrgency: "AMBER", subAvailabilityImpact: "LOW", subConfidentialityImpact: "LOW", subIntegrityImpact: "LOW", userInteraction: "NONE", valueDensity: "CONCENTRATED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/AU:N/R:A/V:C/RE:M/U:Amber", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "MODERATE", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295 Improper Certificate Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-14T09:38:29.319Z", orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", shortName: "palo_alto", }, references: [ { tags: [ "vendor-advisory", ], url: 
"https://security.paloaltonetworks.com/CVE-2024-5918", }, ], solutions: [ { lang: "eng", supportingMedia: [ { base64: false, type: "text/html", value: "This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.4-h5, PAN-OS 10.2.5, PAN-OS 11.0.3, and all later PAN-OS versions.", }, ], value: "This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.4-h5, PAN-OS 10.2.5, PAN-OS 11.0.3, and all later PAN-OS versions.", }, ], source: { defect: [ "PAN-216947", ], discovery: "USER", }, timeline: [ { lang: "en", time: "2024-11-13T17:00:00.000Z", value: "Initial publication", }, ], title: "PAN-OS: Improper Certificate Validation Enables Impersonation of a Legitimate GlobalProtect User", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "You can mitigate this issue by setting the \"Allow Authentication with User Credentials OR Client Certificate\" option to \"No.\" Additional information is available here:<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-portals/globalprotect-portals-authentication-configuration-tab\"></a><div><ul><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-portals/globalprotect-portals-authentication-configuration-tab\">https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-portals/globalprotect-portals-authentication-configuration-tab</a></li><li><div><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-gateways/globalprotect-gateway-authentication-tab\"></a><div><div><a target=\"_blank\" rel=\"nofollow\" 
href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-gateways/globalprotect-gateway-authentication-tab\">https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-gateways/globalprotect-gateway-authentication-tab</a><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-gateways/globalprotect-gateway-authentication-tab\"></a></div></div></div><br></li></ul></div>", }, ], value: "You can mitigate this issue by setting the \"Allow Authentication with User Credentials OR Client Certificate\" option to \"No.\" Additional information is available here:\n https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-portals/globalprotect-portals-authentication-configuration-tab \n * https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-gateways/globalprotect-gateway-authentication-tab https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-gateways/globalprotect-gateway-authentication-tab", }, ], }, }, cveMetadata: { assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", assignerShortName: "palo_alto", cveId: "CVE-2024-5918", datePublished: "2024-11-14T09:38:29.319Z", dateReserved: "2024-06-12T15:27:57.173Z", dateUpdated: "2024-11-14T19:35:53.159Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-48795
Vulnerability from cvelistv5
Published
2023-12-18 00:00
Modified
2024-08-02 21:46
Summary
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:46:27.255Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", }, { tags: [ "x_transferred", ], url: "https://matt.ucc.asn.au/dropbear/CHANGES", }, { tags: [ "x_transferred", ], url: "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", }, { tags: [ "x_transferred", ], url: "https://www.netsarang.com/en/xshell-update-history/", }, { tags: [ "x_transferred", ], url: "https://www.paramiko.org/changelog.html", }, { tags: [ "x_transferred", ], url: "https://www.openssh.com/openbsd.html", }, { tags: [ "x_transferred", ], url: "https://github.com/openssh/openssh-portable/commits/master", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", }, { tags: [ "x_transferred", ], url: "https://www.bitvise.com/ssh-server-version-history", }, { tags: [ "x_transferred", ], url: "https://github.com/ronf/asyncssh/tags", }, { tags: [ "x_transferred", ], url: "https://gitlab.com/libssh/libssh-mirror/-/tags", }, { tags: [ "x_transferred", ], url: "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", }, { tags: [ "x_transferred", ], url: "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", }, { tags: [ "x_transferred", ], url: "https://www.openssh.com/txt/release-9.6", }, { tags: [ "x_transferred", ], url: "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", }, { tags: [ "x_transferred", ], url: "https://www.terrapin-attack.com", }, { tags: [ "x_transferred", ], url: "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", }, { tags: [ "x_transferred", ], url: "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", }, { 
tags: [ "x_transferred", ], url: "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", }, { tags: [ "x_transferred", ], url: "https://github.com/warp-tech/russh/releases/tag/v0.40.2", }, { tags: [ "x_transferred", ], url: "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/12/18/2", }, { tags: [ "x_transferred", ], url: "https://twitter.com/TrueSkrillor/status/1736774389725565005", }, { tags: [ "x_transferred", ], url: "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", }, { tags: [ "x_transferred", ], url: "https://github.com/paramiko/paramiko/issues/2337", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=38684904", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=38685286", }, { name: "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/18/3", }, { tags: [ "x_transferred", ], url: "https://github.com/mwiede/jsch/issues/457", }, { tags: [ "x_transferred", ], url: "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", }, { tags: [ "x_transferred", ], url: "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", }, { tags: [ "x_transferred", ], url: "https://github.com/advisories/GHSA-45x7-px36-x8w8", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/source-package/libssh2", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2023-48795", }, { tags: [ 
"x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1217950", }, { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { tags: [ "x_transferred", ], url: "https://bugs.gentoo.org/920280", }, { tags: [ "x_transferred", ], url: "https://ubuntu.com/security/CVE-2023-48795", }, { tags: [ "x_transferred", ], url: "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2023-48795", }, { tags: [ "x_transferred", ], url: "https://github.com/mwiede/jsch/pull/461", }, { tags: [ "x_transferred", ], url: "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", }, { tags: [ "x_transferred", ], url: "https://github.com/libssh2/libssh2/pull/1291", }, { tags: [ "x_transferred", ], url: "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", }, { tags: [ "x_transferred", ], url: "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", }, { tags: [ "x_transferred", ], url: "https://github.com/rapier1/hpn-ssh/releases", }, { tags: [ "x_transferred", ], url: "https://github.com/proftpd/proftpd/issues/456", }, { tags: [ "x_transferred", ], url: "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", }, { tags: [ "x_transferred", ], url: "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", }, { tags: [ "x_transferred", ], url: "https://oryx-embedded.com/download/#changelog", }, { tags: [ "x_transferred", ], url: "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", }, { tags: [ "x_transferred", ], url: "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", }, { tags: [ "x_transferred", ], url: "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", }, { tags: [ "x_transferred", ], url: "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", }, { tags: [ "x_transferred", ], url: 
"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", }, { tags: [ "x_transferred", ], url: "https://crates.io/crates/thrussh/versions", }, { tags: [ "x_transferred", ], url: "https://github.com/NixOS/nixpkgs/pull/275249", }, { name: "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/19/5", }, { tags: [ "x_transferred", ], url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", }, { tags: [ "x_transferred", ], url: "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", }, { name: "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/20/3", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", }, { tags: [ "x_transferred", ], url: "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", }, { tags: [ "x_transferred", ], url: "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", }, { tags: [ "x_transferred", ], url: "https://github.com/apache/mina-sshd/issues/445", }, { tags: [ "x_transferred", ], url: "https://github.com/hierynomus/sshj/issues/916", }, { tags: [ "x_transferred", ], url: "https://github.com/janmojzis/tinyssh/issues/81", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/12/20/3", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", }, { tags: [ "x_transferred", ], url: 
"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", }, { name: "FEDORA-2023-0733306be9", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", }, { name: "DSA-5586", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5586", }, { tags: [ "x_transferred", ], url: "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", }, { tags: [ "x_transferred", ], url: "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", }, { tags: [ "x_transferred", ], url: "https://filezilla-project.org/versions.php", }, { tags: [ "x_transferred", ], url: "https://nova.app/releases/#v11.8", }, { tags: [ "x_transferred", ], url: "https://roumenpetrov.info/secsh/#news20231220", }, { tags: [ "x_transferred", ], url: "https://www.vandyke.com/products/securecrt/history.txt", }, { tags: [ "x_transferred", ], url: "https://help.panic.com/releasenotes/transmit5/", }, { tags: [ "x_transferred", ], url: "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", }, { tags: [ "x_transferred", ], url: "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", }, { tags: [ "x_transferred", ], url: "https://winscp.net/eng/docs/history#6.2.2", }, { tags: [ "x_transferred", ], url: "https://www.bitvise.com/ssh-client-version-history#933", }, { tags: [ "x_transferred", ], url: "https://github.com/cyd01/KiTTY/issues/520", }, { name: "DSA-5588", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5588", }, { tags: [ "x_transferred", ], url: "https://github.com/ssh-mitm/ssh-mitm/issues/165", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=38732005", }, { name: "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update", tags: [ "mailing-list", 
"x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", }, { name: "GLSA-202312-16", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202312-16", }, { name: "GLSA-202312-17", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202312-17", }, { name: "FEDORA-2023-20feb865d8", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", }, { name: "FEDORA-2023-cb8c606fbb", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", }, { name: "FEDORA-2023-e77300e4b5", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", }, { name: "FEDORA-2023-b87ec6cf47", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", }, { name: "FEDORA-2023-153404713b", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240105-0004/", }, { name: "FEDORA-2024-3bb23c77f3", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", }, { name: "FEDORA-2023-55800423a8", tags: [ "vendor-advisory", "x_transferred", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", }, { name: "FEDORA-2024-d946b9ad25", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", }, { name: "FEDORA-2024-71c2c6526c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", }, { name: "FEDORA-2024-39a8c72ea9", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", }, { tags: [ "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", }, { name: "FEDORA-2024-ae653fb07b", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", }, { name: "FEDORA-2024-2705241461", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", }, { name: "FEDORA-2024-fb32950d11", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", }, { name: "FEDORA-2024-7b08207cdb", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", }, { name: "FEDORA-2024-06ebb70bdd", tags: [ "vendor-advisory", "x_transferred", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", }, { name: "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", }, { name: "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", }, { name: "FEDORA-2024-a53b24023d", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", }, { name: "FEDORA-2024-3fd1bc9276", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214084", }, { name: "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { name: "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", }, { name: "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/04/17/8", }, { name: "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/06/3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, 
], descriptions: [ { lang: "en", value: "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate 
before 0.40.2 for Rust.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-01T18:06:23.972272", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", }, { url: "https://matt.ucc.asn.au/dropbear/CHANGES", }, { url: "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", }, { url: "https://www.netsarang.com/en/xshell-update-history/", }, { url: "https://www.paramiko.org/changelog.html", }, { url: "https://www.openssh.com/openbsd.html", }, { url: "https://github.com/openssh/openssh-portable/commits/master", }, { url: "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", }, { url: "https://www.bitvise.com/ssh-server-version-history", }, { url: "https://github.com/ronf/asyncssh/tags", }, { url: "https://gitlab.com/libssh/libssh-mirror/-/tags", }, { url: "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", }, { url: "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", }, { url: "https://www.openssh.com/txt/release-9.6", }, { url: "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", }, { url: "https://www.terrapin-attack.com", }, { url: "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", }, { url: "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", }, { url: "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", }, { url: "https://github.com/warp-tech/russh/releases/tag/v0.40.2", }, { url: "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", }, { url: "https://www.openwall.com/lists/oss-security/2023/12/18/2", }, { url: "https://twitter.com/TrueSkrillor/status/1736774389725565005", }, { url: 
"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", }, { url: "https://github.com/paramiko/paramiko/issues/2337", }, { url: "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", }, { url: "https://news.ycombinator.com/item?id=38684904", }, { url: "https://news.ycombinator.com/item?id=38685286", }, { name: "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/12/18/3", }, { url: "https://github.com/mwiede/jsch/issues/457", }, { url: "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", }, { url: "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", }, { url: "https://github.com/advisories/GHSA-45x7-px36-x8w8", }, { url: "https://security-tracker.debian.org/tracker/source-package/libssh2", }, { url: "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", }, { url: "https://security-tracker.debian.org/tracker/CVE-2023-48795", }, { url: "https://bugzilla.suse.com/show_bug.cgi?id=1217950", }, { url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", }, { url: "https://bugs.gentoo.org/920280", }, { url: "https://ubuntu.com/security/CVE-2023-48795", }, { url: "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", }, { url: "https://access.redhat.com/security/cve/cve-2023-48795", }, { url: "https://github.com/mwiede/jsch/pull/461", }, { url: "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", }, { url: "https://github.com/libssh2/libssh2/pull/1291", }, { url: "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", }, { url: "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", }, { url: "https://github.com/rapier1/hpn-ssh/releases", }, { url: "https://github.com/proftpd/proftpd/issues/456", }, { url: 
"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", }, { url: "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", }, { url: "https://oryx-embedded.com/download/#changelog", }, { url: "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", }, { url: "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", }, { url: "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", }, { url: "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", }, { url: "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", }, { url: "https://crates.io/crates/thrussh/versions", }, { url: "https://github.com/NixOS/nixpkgs/pull/275249", }, { name: "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/12/19/5", }, { url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", }, { url: "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", }, { name: "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/12/20/3", }, { url: "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", }, { url: "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", }, { url: "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", }, { url: "https://github.com/apache/mina-sshd/issues/445", }, { url: "https://github.com/hierynomus/sshj/issues/916", }, { url: "https://github.com/janmojzis/tinyssh/issues/81", }, { url: "https://www.openwall.com/lists/oss-security/2023/12/20/3", }, { url: 
"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", }, { url: "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", }, { name: "FEDORA-2023-0733306be9", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", }, { name: "DSA-5586", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5586", }, { url: "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", }, { url: "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", }, { url: "https://filezilla-project.org/versions.php", }, { url: "https://nova.app/releases/#v11.8", }, { url: "https://roumenpetrov.info/secsh/#news20231220", }, { url: "https://www.vandyke.com/products/securecrt/history.txt", }, { url: "https://help.panic.com/releasenotes/transmit5/", }, { url: "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", }, { url: "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", }, { url: "https://winscp.net/eng/docs/history#6.2.2", }, { url: "https://www.bitvise.com/ssh-client-version-history#933", }, { url: "https://github.com/cyd01/KiTTY/issues/520", }, { name: "DSA-5588", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5588", }, { url: "https://github.com/ssh-mitm/ssh-mitm/issues/165", }, { url: "https://news.ycombinator.com/item?id=38732005", }, { name: "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", }, { name: "GLSA-202312-16", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202312-16", }, { name: "GLSA-202312-17", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202312-17", }, { name: "FEDORA-2023-20feb865d8", tags: [ "vendor-advisory", 
], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", }, { name: "FEDORA-2023-cb8c606fbb", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", }, { name: "FEDORA-2023-e77300e4b5", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", }, { name: "FEDORA-2023-b87ec6cf47", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", }, { name: "FEDORA-2023-153404713b", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", }, { url: "https://security.netapp.com/advisory/ntap-20240105-0004/", }, { name: "FEDORA-2024-3bb23c77f3", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", }, { name: "FEDORA-2023-55800423a8", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", }, { name: "FEDORA-2024-d946b9ad25", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", }, { name: "FEDORA-2024-71c2c6526c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", }, { name: "FEDORA-2024-39a8c72ea9", tags: [ "vendor-advisory", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", }, { url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", }, { name: "FEDORA-2024-ae653fb07b", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", }, { name: "FEDORA-2024-2705241461", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", }, { name: "FEDORA-2024-fb32950d11", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", }, { name: "FEDORA-2024-7b08207cdb", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", }, { name: "FEDORA-2024-06ebb70bdd", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", }, { name: "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", }, { name: "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", }, { name: "FEDORA-2024-a53b24023d", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", }, { name: "FEDORA-2024-3fd1bc9276", tags: [ "vendor-advisory", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", }, { url: "https://support.apple.com/kb/HT214084", }, { name: "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { name: "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", }, { name: "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/04/17/8", }, { name: "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/03/06/3", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-48795", datePublished: "2023-12-18T00:00:00", dateReserved: "2023-11-20T00:00:00", dateUpdated: "2024-08-02T21:46:27.255Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5919
Vulnerability from cvelistv5
Published
2024-11-14 09:36
Modified
2024-11-14 19:41
Summary
A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.
References
URL | Tags |
---|---|
https://security.paloaltonetworks.com/CVE-2024-5919 | vendor-advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
Palo Alto Networks | Cloud NGFW | |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-5919", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-14T18:59:05.844837Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-14T19:41:04.355Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cloud NGFW", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, { defaultStatus: "unaffected", product: "PAN-OS", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "11.2.0", }, { status: "unaffected", version: "11.1.0", }, { changes: [ { at: "11.0.2", status: "unaffected", }, ], lessThan: "11.0.2", status: "affected", version: "11.0.0", versionType: "custom", }, { changes: [ { at: "10.2.5", status: "unaffected", }, ], lessThan: "10.2.5", status: "affected", version: "10.2.0", versionType: "custom", }, { changes: [ { at: "10.1.10", status: "unaffected", }, ], lessThan: "10.1.10", status: "affected", version: "10.1.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Prisma Access", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Dan Marin of Deloitte", }, { lang: "en", type: "finder", value: "Cristian Mocanu of Deloitte", }, { lang: "en", type: "finder", value: "Alex Hordijk", }, ], datePublic: "2024-11-13T18:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A blind XML External Entities (XXE) injection vulnerability in the Palo
Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.", }, ], value: "A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], impacts: [ { capecId: "CAPEC-201", descriptions: [ { lang: "en", value: "CAPEC-201 XML Entity Linking", }, ], }, ], metrics: [ { cvssV4_0: { Automatable: "NO", Recovery: "AUTOMATIC", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 5.1, baseSeverity: "MEDIUM", privilegesRequired: "HIGH", providerUrgency: "AMBER", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "CONCENTRATED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:C/RE:M/U:Amber", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "MODERATE", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-611", description: "CWE-611 Improper Restriction of XML External Entity Reference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-14T09:36:46.390Z", orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", shortName: "palo_alto", }, references: [ { tags: [ 
"vendor-advisory", ], url: "https://security.paloaltonetworks.com/CVE-2024-5919", }, ], solutions: [ { lang: "eng", supportingMedia: [ { base64: false, type: "text/html", value: "This issue is fixed in PAN-OS 10.1.10, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.", }, ], value: "This issue is fixed in PAN-OS 10.1.10, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.", }, ], source: { defect: [ "PAN-205062", ], discovery: "EXTERNAL", }, timeline: [ { lang: "en", time: "2024-11-13T17:00:00.000Z", value: "Initial publication", }, ], title: "PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability", }, }, cveMetadata: { assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", assignerShortName: "palo_alto", cveId: "CVE-2024-5919", datePublished: "2024-11-14T09:36:46.390Z", dateReserved: "2024-06-12T15:27:57.328Z", dateUpdated: "2024-11-14T19:41:04.355Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-21708
Vulnerability from cvelistv5
Published
2022-02-27 08:00
Modified
2024-09-17 03:18
Summary
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with the FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result in crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
References
URL | Tags |
---|---|
https://bugs.php.net/bug.php?id=81708 | x_refsource_MISC |
https://security.netapp.com/advisory/ntap-20220325-0004/ | x_refsource_CONFIRM |
https://security.gentoo.org/glsa/202209-20 | vendor-advisory, x_refsource_GENTOO |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:23:28.601Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.php.net/bug.php?id=81708", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220325-0004/", }, { name: "GLSA-202209-20", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-20", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "PHP", vendor: "PHP Group", versions: [ { lessThan: "7.4.28", status: "affected", version: "7.4.x", versionType: "custom", }, { lessThan: "8.0.16", status: "affected", version: "8.0.X", versionType: "custom", }, { lessThan: "8.1.3", status: "affected", version: "8.1.X", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "dukk at softdev dot online", }, ], datePublic: "2022-02-14T00:00:00", descriptions: [ { lang: "en", value: "In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. 
This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416 Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-29T16:06:49", orgId: "dd77f84a-d19a-4638-8c3d-a322d820ed2b", shortName: "php", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugs.php.net/bug.php?id=81708", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220325-0004/", }, { name: "GLSA-202209-20", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-20", }, ], source: { defect: [ "https://bugs.php.net/bug.php?id=81708", ], discovery: "EXTERNAL", }, title: "UAF due to php_filter_float() failing", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@php.net", DATE_PUBLIC: "2022-02-14T08:00:00.000Z", ID: "CVE-2021-21708", STATE: "PUBLIC", TITLE: "UAF due to php_filter_float() failing", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "PHP", version: { version_data: [ { version_affected: "<", version_name: "7.4.x", version_value: "7.4.28", }, { version_affected: "<", version_name: "8.0.X", version_value: "8.0.16", }, { version_affected: "<", version_name: "8.1.X", version_value: "8.1.3", }, ], }, }, ], }, vendor_name: "PHP Group", }, ], }, }, credit: [ { lang: "eng", value: "dukk at softdev dot online", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In 
PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-416 Use After Free", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.php.net/bug.php?id=81708", refsource: "MISC", url: "https://bugs.php.net/bug.php?id=81708", }, { name: "https://security.netapp.com/advisory/ntap-20220325-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220325-0004/", }, { name: "GLSA-202209-20", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-20", }, ], }, source: { defect: [ "https://bugs.php.net/bug.php?id=81708", ], discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "dd77f84a-d19a-4638-8c3d-a322d820ed2b", assignerShortName: "php", cveId: "CVE-2021-21708", datePublished: "2022-02-27T08:00:12.018780Z", dateReserved: "2021-01-04T00:00:00", dateUpdated: "2024-09-17T03:18:02.531Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-37454
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2025-02-13 16:32
Summary
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:29:21.027Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20230203-0001/", }, { name: "https://csrc.nist.gov/projects/hash-functions/sha-3-project", tags: [ "x_transferred", ], url: "https://csrc.nist.gov/projects/hash-functions/sha-3-project", }, { name: "https://mouha.be/sha-3-buffer-overflow/", tags: [ "x_transferred", ], url: "https://mouha.be/sha-3-buffer-overflow/", }, { name: "https://news.ycombinator.com/item?id=33281106", tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=33281106", }, { name: "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658", tags: [ "x_transferred", ], url: "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658", }, { name: "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html", tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html", }, { name: "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html", tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", }, { name: "https://www.debian.org/security/2022/dsa-5267", tags: [ "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5267", }, { name: "https://www.debian.org/security/2022/dsa-5269", tags: [ "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5269", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", tags: [ "x_transferred", 
], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", }, { tags: [ "x_transferred", ], url: "https://eprint.iacr.org/2023/331", }, { tags: [ "x_transferred", ], url: "https://news.ycombinator.com/item?id=35050307", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202305-02", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "unknown", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-03T10:06:29.726Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "https://csrc.nist.gov/projects/hash-functions/sha-3-project", url: "https://csrc.nist.gov/projects/hash-functions/sha-3-project", }, { name: "https://mouha.be/sha-3-buffer-overflow/", url: "https://mouha.be/sha-3-buffer-overflow/", }, { name: "https://news.ycombinator.com/item?id=33281106", url: "https://news.ycombinator.com/item?id=33281106", }, { name: "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658", url: "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658", }, { name: "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html", url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html", }, { name: "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html", url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html", }, { name: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", }, { name: "https://www.debian.org/security/2022/dsa-5267", url: "https://www.debian.org/security/2022/dsa-5267", }, { name: "https://www.debian.org/security/2022/dsa-5269", url: "https://www.debian.org/security/2022/dsa-5269", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", }, { url: "https://eprint.iacr.org/2023/331", }, { url: "https://news.ycombinator.com/item?id=35050307", }, { url: "https://security.gentoo.org/glsa/202305-02", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-37454", datePublished: "2022-10-21T00:00:00.000Z", dateReserved: "2022-08-07T00:00:00.000Z", dateUpdated: "2025-02-13T16:32:55.158Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5916
Vulnerability from cvelistv5
Published
2024-08-14 16:41
Modified
2024-08-14 18:25
Summary
An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log can read secrets, passwords, and tokens to external systems.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Palo Alto Networks | PAN-OS | Version: 10.2 < 10.2.8; Version: 11.0 < 11.0.4; Patch: 11.1 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-5916", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T18:17:46.783901Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-14T18:25:01.965Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PAN-OS", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "9.1", }, { status: "unaffected", version: "10.1", }, { changes: [ { at: "10.2.8", status: "unaffected", }, ], lessThan: "10.2.8", status: "affected", version: "10.2", versionType: "custom", }, { changes: [ { at: "11.0.4", status: "unaffected", }, ], lessThan: "11.0.4", status: "affected", version: "11.0", versionType: "custom", }, { status: "unaffected", version: "11.1", versionType: "custom", }, ], }, { defaultStatus: "unaffected", platforms: [ "AWS", "Azure", ], product: "Cloud NGFW", vendor: "Palo Alto Networks", versions: [ { status: "affected", version: "Before 8/15", }, { status: "unaffected", version: "On or after 8/15", }, { status: "affected", version: "Before 8/23", }, { status: "unaffected", version: "On or after 8/23", }, ], }, { defaultStatus: "unaffected", product: "Prisma Access", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Hari Yadavalli of Palo Alto Networks", }, ], datePublic: "2024-08-14T16:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. 
A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems.", }, ], value: "An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems.", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>", }, ], value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], impacts: [ { capecId: "CAPEC-116", descriptions: [ { lang: "en", value: "CAPEC-116 Excavation", }, ], }, ], metrics: [ { cvssV4_0: { Automatable: "NO", Recovery: "USER", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 6, baseSeverity: "MEDIUM", privilegesRequired: "HIGH", providerUrgency: "AMBER", subAvailabilityImpact: "NONE", subConfidentialityImpact: "HIGH", subIntegrityImpact: "NONE", userInteraction: "PASSIVE", valueDensity: "CONCENTRATED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "HIGH", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-313", description: "CWE-313: Cleartext Storage in a File or on Disk", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T16:41:15.812Z", orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", shortName: "palo_alto", }, references: [ { url: "https://security.paloaltonetworks.com/CVE-2024-5916", }, ], solutions: [ { lang: "en", supportingMedia: [ { 
base64: false, type: "text/html", value: "This issue is fixed in PAN-OS 10.2.8, PAN-OS 11.0.4, and all later PAN-OS versions. This issue is fixed in Cloud NGFW on or after 8/15 on Azure, Cloud NGFW on or after 8/23 on AWS, and all later Cloud NGFW versions.\n\nYou should also revoke the secrets, passwords, and tokens that are configured in all server profiles of affected PAN-OS firewalls (Device > Server Profiles) after upgrading PAN-OS.<br>", }, ], value: "This issue is fixed in PAN-OS 10.2.8, PAN-OS 11.0.4, and all later PAN-OS versions. This issue is fixed in Cloud NGFW on or after 8/15 on Azure, Cloud NGFW on or after 8/23 on AWS, and all later Cloud NGFW versions.\n\nYou should also revoke the secrets, passwords, and tokens that are configured in all server profiles of affected PAN-OS firewalls (Device > Server Profiles) after upgrading PAN-OS.", }, ], source: { defect: [ "PAN-231823", ], discovery: "INTERNAL", }, timeline: [ { lang: "en", time: "2024-08-14T16:00:00.000Z", value: "Initial publication", }, ], title: "PAN-OS: Cleartext Exposure of External System Secrets", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", assignerShortName: "palo_alto", cveId: "CVE-2024-5916", datePublished: "2024-08-14T16:41:15.812Z", dateReserved: "2024-06-12T15:27:56.840Z", dateUpdated: "2024-08-14T18:25:01.965Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-31676
Vulnerability from cvelistv5
Published
2022-08-23 00:00
Modified
2024-08-03 07:26
Summary
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
References
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | VMware Tools | Version: VMware Tools (12.0.0, 11.x.y and 10.x.y) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:26:00.916Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.vmware.com/security/advisories/VMSA-2022-0024.html", }, { name: "[oss-security] 20220823 [SECURITY ADVISORY] open-vm-tools: Local privilege escalation vulnerability (CVE-2022-31676)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/08/23/3", }, { name: "DSA-5215", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5215", }, { name: "[debian-lts-announce] 20220825 [SECURITY] [DLA 3081-1] open-vm-tools security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00013.html", }, { name: "FEDORA-2022-cd23eac6f4", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4TZF6QRJIDECGMEGBPXJCHZ6YC3VZ6Z/", }, { name: "FEDORA-2022-1b8d3b2845", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C5VV2R4LV4T3SNQJYRLFD4C75HBDVV76/", }, { name: "FEDORA-2022-1c9c0bacaf", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZA63DWRW7HROTVBNRIPBJQWBYIYAQMEW/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221017-0003/", }, { name: "GLSA-202210-27", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202210-27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "VMware Tools", vendor: "n/a", versions: [ { status: "affected", version: "VMware Tools (12.0.0, 11.x.y and 10.x.y)", }, ], }, ], descriptions: [ { lang: "en", value: "VMware Tools 
(12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.", }, ], problemTypes: [ { descriptions: [ { description: "Local privilege escalation vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-31T00:00:00", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { url: "https://www.vmware.com/security/advisories/VMSA-2022-0024.html", }, { name: "[oss-security] 20220823 [SECURITY ADVISORY] open-vm-tools: Local privilege escalation vulnerability (CVE-2022-31676)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/08/23/3", }, { name: "DSA-5215", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5215", }, { name: "[debian-lts-announce] 20220825 [SECURITY] [DLA 3081-1] open-vm-tools security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/08/msg00013.html", }, { name: "FEDORA-2022-cd23eac6f4", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4TZF6QRJIDECGMEGBPXJCHZ6YC3VZ6Z/", }, { name: "FEDORA-2022-1b8d3b2845", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C5VV2R4LV4T3SNQJYRLFD4C75HBDVV76/", }, { name: "FEDORA-2022-1c9c0bacaf", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZA63DWRW7HROTVBNRIPBJQWBYIYAQMEW/", }, { url: "https://security.netapp.com/advisory/ntap-20221017-0003/", }, { name: "GLSA-202210-27", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202210-27", }, ], }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: 
"vmware", cveId: "CVE-2022-31676", datePublished: "2022-08-23T00:00:00", dateReserved: "2022-05-25T00:00:00", dateUpdated: "2024-08-03T07:26:00.916Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-6793
Vulnerability from cvelistv5
Published
2023-12-13 18:40
Modified
2024-12-02 14:27
Summary
An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Palo Alto Networks | PAN-OS | Patch: 8.1; Version: 9.0 < 9.0.17-h4; Version: 9.1 < 9.1.17; Version: 10.0 <; Version: 10.1 < 10.1.11; Version: 10.2 < 10.2.5; Version: 11.0 < 11.0.2; Patch: 11.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:42:07.419Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.paloaltonetworks.com/CVE-2023-6793", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-6793", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-02T14:27:40.179186Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-02T14:27:51.212Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PAN-OS", vendor: "Palo Alto Networks", versions: [ { changes: [ { at: "8.1.24-h1", status: "unaffected", }, ], lessThan: "All", status: "unaffected", version: "8.1", versionType: "custom", }, { changes: [ { at: "9.0.17-h4", status: "unaffected", }, ], lessThan: "9.0.17-h4", status: "affected", version: "9.0", versionType: "custom", }, { changes: [ { at: "9.1.17", status: "unaffected", }, ], lessThan: "9.1.17", status: "affected", version: "9.1", versionType: "custom", }, { lessThanOrEqual: "All", status: "affected", version: "10.0", versionType: "custom", }, { changes: [ { at: "10.1.11", status: "unaffected", }, ], lessThan: "10.1.11", status: "affected", version: "10.1", versionType: "custom", }, { changes: [ { at: "10.2.5", status: "unaffected", }, ], lessThan: "10.2.5", status: "affected", version: "10.2", versionType: "custom", }, { changes: [ { at: "11.0.2", status: "unaffected", }, ], lessThan: "11.0.2", status: "affected", version: "11.0", versionType: "custom", }, { lessThan: "All", status: "unaffected", version: "11.1", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Prisma Access", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", 
version: "All", }, ], }, { defaultStatus: "unaffected", product: "Cloud NGFW", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "This issue is applicable only to PAN-OS configurations that have XML API access enabled.<br><br>You can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access", }, ], value: "This issue is applicable only to PAN-OS configurations that have XML API access enabled.\n\nYou can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access", }, ], datePublic: "2023-12-13T17:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.", }, ], value: "An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 2.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, 
format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-13T18:40:54.955Z", orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", shortName: "palo_alto", }, references: [ { url: "https://security.paloaltonetworks.com/CVE-2023-6793", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.", }, ], value: "This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.", }, ], source: { discovery: "EXTERNAL", }, timeline: [ { lang: "en", time: "2023-12-13T17:00:00.000Z", value: "Initial publication", }, ], title: "PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "This issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.", }, ], value: "This issue requires the attacker to have authenticated access to the PAN-OS XML API. 
You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.", }, ], x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", assignerShortName: "palo_alto", cveId: "CVE-2023-6793", datePublished: "2023-12-13T18:40:54.955Z", dateReserved: "2023-12-13T17:27:26.408Z", dateUpdated: "2024-12-02T14:27:51.212Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-2551
Vulnerability from cvelistv5
Published
2024-11-14 09:36
Modified
2024-11-19 15:01
Summary
A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.
References
URL | Tags |
---|---|
https://security.paloaltonetworks.com/CVE-2024-2551 | vendor-advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
Palo Alto Networks | Cloud NGFW | |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-2551", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-19T15:01:17.887695Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-19T15:01:40.744Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cloud NGFW", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, { defaultStatus: "unaffected", product: "PAN-OS", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "11.2.0", }, { status: "unaffected", version: "11.1.0", }, { changes: [ { at: "11.0.5", status: "unaffected", }, ], lessThan: "11.0.5", status: "affected", version: "11.0.0", versionType: "custom", }, { changes: [ { at: "10.2.4-h6", status: "unaffected", }, { at: "10.2.5", status: "unaffected", }, ], lessThan: "10.2.4-h6", status: "affected", version: "10.2.0", versionType: "custom", }, { changes: [ { at: "10.1.14", status: "unaffected", }, ], lessThan: "10.1.14", status: "affected", version: "10.1.0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Prisma Access", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "a customer", }, ], datePublic: "2024-11-13T18:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. 
Repeated attempts to trigger this condition result in the firewall entering maintenance mode.", }, ], value: "A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], impacts: [ { capecId: "CAPEC-129", descriptions: [ { lang: "en", value: "CAPEC-129 Pointer Manipulation", }, ], }, ], metrics: [ { cvssV4_0: { Automatable: "NO", Recovery: "USER", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 8.7, baseSeverity: "HIGH", privilegesRequired: "NONE", providerUrgency: "AMBER", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "CONCENTRATED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "MODERATE", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476 NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-14T09:36:09.876Z", orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", shortName: "palo_alto", }, references: [ { tags: [ "vendor-advisory", ], url: "https://security.paloaltonetworks.com/CVE-2024-2551", }, ], solutions: [ { 
lang: "eng", supportingMedia: [ { base64: false, type: "text/html", value: "This issue is fixed in PAN-OS 10.1.14, PAN-OS 10.2.4-h6, PAN-OS 10.2.5, PAN-OS 11.0.5, and all later PAN-OS versions.", }, ], value: "This issue is fixed in PAN-OS 10.1.14, PAN-OS 10.2.4-h6, PAN-OS 10.2.5, PAN-OS 11.0.5, and all later PAN-OS versions.", }, ], source: { defect: [ "PAN-223185", ], discovery: "EXTERNAL", }, timeline: [ { lang: "en", time: "2024-11-13T17:00:00.000Z", value: "Initial publication", }, ], title: "PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet", }, }, cveMetadata: { assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", assignerShortName: "palo_alto", cveId: "CVE-2024-2551", datePublished: "2024-11-14T09:36:09.876Z", dateReserved: "2024-03-15T22:43:27.814Z", dateUpdated: "2024-11-19T15:01:40.744Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-1271
Vulnerability from cvelistv5
Published
2022-08-31 15:33
Modified
2024-08-02 23:55
Summary
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
References
URL | Tags |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2073310 | x_refsource_MISC |
https://www.openwall.com/lists/oss-security/2022/04/07/8 | x_refsource_MISC |
https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html | x_refsource_MISC |
https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch | x_refsource_MISC |
https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6 | x_refsource_MISC |
https://security-tracker.debian.org/tracker/CVE-2022-1271 | x_refsource_MISC |
https://access.redhat.com/security/cve/CVE-2022-1271 | x_refsource_MISC |
https://security.gentoo.org/glsa/202209-01 | vendor-advisory, x_refsource_GENTOO |
https://security.netapp.com/advisory/ntap-20220930-0006/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | gzip, xz-utils | Version: Fixed in gzip 1.12 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T23:55:24.665Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073310", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2022/04/07/8", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2022-1271", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2022-1271", }, { name: "GLSA-202209-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220930-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gzip, xz-utils", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in gzip 1.12", }, ], }, ], descriptions: [ { lang: "en", value: "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. 
This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-179", description: "CWE-179 - Incorrect Behavior Order: Early Validation, CWE-1173 Improper Use of Validation Framework", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-30T15:06:11", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073310", }, { tags: [ "x_refsource_MISC", ], url: "https://www.openwall.com/lists/oss-security/2022/04/07/8", }, { tags: [ "x_refsource_MISC", ], url: "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html", }, { tags: [ "x_refsource_MISC", ], url: "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch", }, { tags: [ "x_refsource_MISC", ], url: "https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6", }, { tags: [ "x_refsource_MISC", ], url: "https://security-tracker.debian.org/tracker/CVE-2022-1271", }, { tags: [ "x_refsource_MISC", ], url: "https://access.redhat.com/security/cve/CVE-2022-1271", }, { name: "GLSA-202209-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220930-0006/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2022-1271", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "gzip, xz-utils", version: { version_data: [ { version_value: "Fixed in gzip 1.12", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. 
When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-179 - Incorrect Behavior Order: Early Validation, CWE-1173 Improper Use of Validation Framework", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=2073310", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073310", }, { name: "https://www.openwall.com/lists/oss-security/2022/04/07/8", refsource: "MISC", url: "https://www.openwall.com/lists/oss-security/2022/04/07/8", }, { name: "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html", refsource: "MISC", url: "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html", }, { name: "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch", refsource: "MISC", url: "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch", }, { name: "https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6", refsource: "MISC", url: "https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6", }, { name: "https://security-tracker.debian.org/tracker/CVE-2022-1271", refsource: "MISC", url: "https://security-tracker.debian.org/tracker/CVE-2022-1271", }, { name: "https://access.redhat.com/security/cve/CVE-2022-1271", refsource: "MISC", url: "https://access.redhat.com/security/cve/CVE-2022-1271", }, { name: "GLSA-202209-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-01", }, { name: "https://security.netapp.com/advisory/ntap-20220930-0006/", refsource: 
"CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220930-0006/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-1271", datePublished: "2022-08-31T15:33:00", dateReserved: "2022-04-07T00:00:00", dateUpdated: "2024-08-02T23:55:24.665Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.