CVE-2026-4761
3.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Amber
Summary
When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group.
- Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed
- Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable
Please refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| CODRA | Panorama Suite | Panorama Suite 2025 < update PS-2500-00-0357 | affected |
| CODRA | Panorama Suite | Panorama Suite 2025 Updated Dec. 25 | unaffected |
Weaknesses
- CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.