CVE-2019-1575
N/A
N/A
Summary
Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Palo Alto | Palo Alto Networks PAN-OS | PAN-OS 7.1.23 and earlier | affected |
| Palo Alto | Palo Alto Networks PAN-OS | PAN-OS 8.0.18 and earlier | affected |
| Palo Alto | Palo Alto Networks PAN-OS | PAN-OS 8.1.8-h4 and earlier | affected |
| Palo Alto | Palo Alto Networks PAN-OS | and PAN-OS 9.0.2-h3 | affected |
Weaknesses
- Information Disclosure
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.