CVE-2023-0004 PAN-OS: Local File Deletion Vulnerability
Description
A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges.
These files can include logs and system components that impact the integrity and availability of PAN-OS software.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Cloud NGFW | None | All |
| PAN-OS 11.0 | None | All |
| PAN-OS 10.2 | None | All |
| PAN-OS 10.1 | < 10.1.6 | >= 10.1.6 |
| PAN-OS 10.0 | < 10.0.11 | >= 10.0.11 |
| PAN-OS 9.1 | < 9.1.15 | >= 9.1.15 |
| PAN-OS 9.0 | < 9.0.17 | >= 9.0.17 |
| PAN-OS 8.1 | < 8.1.24 | >= 8.1.24 |
| Prisma Access | None | All |
Severity: MEDIUM
CVSSv3.1 Base Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type
CWE-703: Improper Check or Handling of Exceptional Conditions
Solution
This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15, PAN-OS 10.0.11, PAN-OS 10.1.6, and all later PAN-OS versions.
Workarounds and Mitigations
Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat IDs 93274 and 93287 (Applications and Threats content update 8698).
This issue requires the attacker to have authenticated access to the PAN-OS management interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.