First published: Wed Apr 12 2023(Updated: )
A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of PAN-OS software.
Credit: psirt@paloaltonetworks.com psirt@paloaltonetworks.com
Affected Software | Affected Version | How to fix |
---|---|---|
Paloaltonetworks Pan-os | >=8.1.0<8.1.24 | |
Paloaltonetworks Pan-os | >=9.0.0<9.0.17 | |
Paloaltonetworks Pan-os | >=9.1.0<9.1.15 | |
Paloaltonetworks Pan-os | >=10.0.0<10.0.11 | |
Paloaltonetworks Pan-os | >=10.1.0<10.1.6 | |
Fedoraproject Fedora | =37 | |
Fedoraproject Fedora | =38 | |
Fedoraproject Fedora | =39 |
This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15, PAN-OS 10.0.11, PAN-OS 10.1.6, and all later PAN-OS versions.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-0004 is a local file deletion vulnerability in Palo Alto Networks PAN-OS software that allows an authenticated administrator to delete files from the local file system with elevated privileges.
CVE-2023-0004 can impact the integrity and availability of PAN-OS software by allowing the deletion of important files, including logs and system components.
The severity of CVE-2023-0004 is medium, with a severity value of 6.5.
Palo Alto Networks PAN-OS software versions 8.1.0 to 8.1.24, 9.0.0 to 9.0.17, 9.1.0 to 9.1.15, 10.0.0 to 10.0.11, and 10.1.0 to 10.1.6 are affected by CVE-2023-0004.
Yes, Palo Alto Networks has released patches and updates to address the vulnerability. It is recommended to update to the latest version of PAN-OS software to fix CVE-2023-0004.