CVE-2026-4760
7.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Red
Summary
From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account.
- Installations based on Panorama Suite 2022-SP1 (22.50.005) are vulnerable unless update PS-2210-02-4079 (or higher) is installed
- Installations based on Panorama Suite 2023 (23.00.004) are vulnerable unless updates PS-2300-03-3078 (or higher) and PS-2300-04-3078 (or higher) and PS-2300-82-3078 (or higher) are installed
- Installations based on Panorama Suite 2025 (25.00.016) are vulnerable unless updates PS-2500-02-1078 (or higher) and PS-2500-04-1078 (or higher) are installed
- Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are vulnerable unless updates PS-2510-02-1077 (or higher) and PS-2510-04-1077 (or higher) are installed
Please refer to security bulletin BS-035, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt .
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| CODRA | Panorama Suite | Panorama Suite 2022-SP1 < update PS-2210-02-4079 | affected |
| CODRA | Panorama Suite | Panorama Suite 2023 < update PS-2300-03-3078 AND PS-2300-04-3078 AND PS-2300-82-3078 | affected |
| CODRA | Panorama Suite | Panorama Suite 2025 < update PS-2500-02-1078 AND PS-2500-04-1078 | affected |
| CODRA | Panorama Suite | Panorama Suite 2025 Updated Dec. 25 < update PS-2510-02-1077 AND PS-2510-04-1077 | affected |
Weaknesses
- CWE-552: CWE-552 Files or directories accessible to external parties
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.