First published: Wed Apr 12 2023
A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys.
Credit: psirt@paloaltonetworks.com
Affected Software | Affected Version | How to fix |
---|---|---|
Paloaltonetworks Pan-os | >=8.1.0<8.1.24 | |
Paloaltonetworks Pan-os | >=9.0.0<9.0.17 | |
Paloaltonetworks Pan-os | >=9.1.0<9.1.15 | |
Paloaltonetworks Pan-os | >=10.0.0<10.0.12 | |
Paloaltonetworks Pan-os | >=10.1.0<10.1.8 | |
Paloaltonetworks Pan-os | >=10.2.0<10.2.3 | |
This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.15, PAN-OS 10.0.12, PAN-OS 10.1.8, PAN-OS 10.2.3, and all later PAN-OS versions.
CVE-2023-0005 is a vulnerability in Palo Alto Networks PAN-OS software that enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys.
CVE-2023-0005 allows an authenticated administrator to access and expose sensitive information, such as plaintext secrets and encrypted API keys, stored in the device configuration.
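Palo Alto Networks PAN-OS software versions from 8.1.0 up to (but not including) 8.1.24, 9.0.0 up to 9.0.17, 9.1.0 up to 9.1.15, 10.0.0 up to 10.0.12, 10.1.0 up to 10.1.8, and 10.2.0 up to 10.2.3 are affected by CVE-2023-0005. The upper bound of each range is the first fixed release and is not itself affected.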
CVE-2023-0005 has a severity rating of 4.9, which is considered medium.
To mitigate CVE-2023-0005, upgrade PAN-OS to a fixed release: 8.1.24, 9.0.17, 9.1.15, 10.0.12, 10.1.8, 10.2.3, or any later PAN-OS version.
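
To triage a firewall inventory against the affected ranges listed above, the following added example (not code from Palo Alto Networks or from this page) classifies PAN-OS version strings. The host names and sample versions are constructed, and it assumes a hotfix build such as `10.1.7-h1` is judged by its base maintenance release.

```python
import re

# First fixed maintenance release per release train, taken from the table above.
FIXED = {(8, 1): 24, (9, 0): 17, (9, 1): 15, (10, 0): 12, (10, 1): 8, (10, 2): 3}

# PAN-OS version strings: "10.1.6" or, with a hotfix suffix, "10.1.6-h3".
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")


def classify(version: str) -> str:
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for one version."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparsed"
    train, maint = (int(m[1]), int(m[2])), int(m[3])
    if train in FIXED:
        # Assumption: the hotfix suffix is ignored, so 10.1.7-h1 still counts
        # as 10.1.7, which lies inside the >=10.1.0 <10.1.8 range.
        return "affected" if maint < FIXED[train] else "fixed"
    if train > max(FIXED):
        return "fixed"       # "all later PAN-OS versions" per the advisory
    return "not-listed"      # older train the advisory does not cover


def triage(inventory: dict) -> dict:
    """Group host names by classification, sorted by host name."""
    report = {}
    for host, version in sorted(inventory.items()):
        report.setdefault(classify(version), []).append(host)
    return report


# Constructed sample inventory (host name -> reported PAN-OS version).
SAMPLE = {
    "fw-edge-01": "10.1.7-h1",
    "fw-edge-02": "10.1.8",
    "fw-dc-01": "9.1.14",
    "fw-lab-01": "11.0.0",
    "fw-old-01": "8.0.20",
    "fw-bad": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `not-listed` or `unparsed` need manual review, since the advisory says nothing about release trains older than 8.1.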