Palo Alto Networks Security Advisories / CVE-2023-0004

CVE-2023-0004 PAN-OS: Local File Deletion Vulnerability

047910
Severity 6.5 · MEDIUM
Attack Vector NETWORK
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact NONE
Privileges Required HIGH
Integrity Impact HIGH
User Interaction NONE
Availability Impact HIGH

Description

A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges.

These files can include logs and system components that impact the integrity and availability of PAN-OS software.

Product Status

VersionsAffectedUnaffected
Cloud NGFW NoneAll
PAN-OS 11.0NoneAll
PAN-OS 10.2NoneAll
PAN-OS 10.1< 10.1.6>= 10.1.6
PAN-OS 10.0< 10.0.11>= 10.0.11
PAN-OS 9.1< 9.1.15>= 9.1.15
PAN-OS 9.0< 9.0.17>= 9.0.17
PAN-OS 8.1< 8.1.24>= 8.1.24
Prisma Access NoneAll

Severity: MEDIUM

CVSSv3.1 Base Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-703: Improper Check or Handling of Exceptional Conditions

Solution

This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15, PAN-OS 10.0.11, PAN-OS 10.1.6, and all later PAN-OS versions.

Workarounds and Mitigations

Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat IDs 93274 and 93287 (Applications and Threats content update 8698).

This issue requires the attacker to have authenticated access to the PAN-OS management interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS management interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.

Acknowledgments

Palo Alto Networks thanks Wim Barthier and Frank Lycops for discovering and reporting this issue.

Timeline

Updated threat prevention signature coverage
Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.