CVE-2023-0004: PAN-OS: Local File Deletion Vulnerability
First published: Wed Apr 12 2023(Updated: )
A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of PAN-OS software.
Credit: psirt@paloaltonetworks.com psirt@paloaltonetworks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Paloaltonetworks Pan-os | >=8.1.0<8.1.24 | |
| Paloaltonetworks Pan-os | >=9.0.0<9.0.17 | |
| Paloaltonetworks Pan-os | >=9.1.0<9.1.15 | |
| Paloaltonetworks Pan-os | >=10.0.0<10.0.11 | |
| Paloaltonetworks Pan-os | >=10.1.0<10.1.6 | |
| Fedoraproject Fedora | =37 | |
| Fedoraproject Fedora | =38 | |
| Fedoraproject Fedora | =39 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security.paloaltonetworks.com/CVE-2023-0004
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
Frequently Asked Questions
What is CVE-2023-0004?
CVE-2023-0004 is a local file deletion vulnerability in Palo Alto Networks PAN-OS software that allows an authenticated administrator to delete files from the local file system with elevated privileges.
How does CVE-2023-0004 impact PAN-OS software?
CVE-2023-0004 can impact the integrity and availability of PAN-OS software by allowing the deletion of important files, including logs and system components.
How severe is CVE-2023-0004?
The severity of CVE-2023-0004 is medium, with a severity value of 6.5.
Which versions of PAN-OS software are affected by CVE-2023-0004?
Palo Alto Networks PAN-OS software versions 8.1.0 to 8.1.24, 9.0.0 to 9.0.17, 9.1.0 to 9.1.15, 10.0.0 to 10.0.11, and 10.1.0 to 10.1.6 are affected by CVE-2023-0004.
Is there a fix available for CVE-2023-0004?
Yes, Palo Alto Networks has released patches and updates to address the vulnerability. It is recommended to update to the latest version of PAN-OS software to fix CVE-2023-0004.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/mitre-cve
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-index
- vendor/paloaltonetworks
- canonical/paloaltonetworks pan-os
- version/paloaltonetworks pan-os/8.1.0
- version/paloaltonetworks pan-os/9.0.0
- version/paloaltonetworks pan-os/9.1.0
- version/paloaltonetworks pan-os/10.0.0
- version/paloaltonetworks pan-os/10.1.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/37
- version/fedoraproject fedora/38
- version/fedoraproject fedora/39