CVE-2023-6791

Description

A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface.

CVSS breakdown

Affected products

• Palo Alto Networks / Cloud NGFWAll – All
• Palo Alto Networks / pan-os9.0 – 9.0.17
• Palo Alto Networks / pan-os9.1 – 9.1.16
• Palo Alto Networks / pan-os10.0 – 10.0.12
• Palo Alto Networks / pan-os10.1 – 10.1.9
• Palo Alto Networks / pan-os8.1 – 8.1.24-h1
• Palo Alto Networks / pan-os11.0 – 11.0.1
• Palo Alto Networks / pan-os11.1 – All
• Palo Alto Networks / pan-os10.2 – 10.2.4
• Palo Alto Networks / Prisma AccessAll – All

References

• MISChttps://security.paloaltonetworks.com/CVE-2023-6791