Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Palo Alto Networks PAN-OS Authenticated File Read Vulnerability in the Management Web Interface

Vulnerability

A file read vulnerability has been identified in the management web interface of Palo Alto Networks PAN-OS software. This vulnerability allows an authenticated attacker with network access to the management interface to read files on the PAN-OS filesystem that are accessible by the 'nobody' user. The issue arises from improper access controls, enabling file manipulation through the management web interface. The vulnerability affects several versions of PAN-OS, including 10.1, 10.2, 11.1, and 11.2, but does not impact Cloud NGFW or Prisma Access software.

Impact

Exploitation of this vulnerability allows for unauthorized file access, potentially leading to the exposure of sensitive information stored on the device.

Remediation

Users can upgrade to the latest patched versions of PAN-OS. Specific upgrade instructions vary by version, so users should consult the Palo Alto Networks official documentation or the Customer Support Portal for guidance.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 0.6
exploitability: 6.6
remediation: 8.3
relevance: 0.0
threat: 8.1
urgency: 10.0
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.