PAN-OS Arbitrary File Upload Allows Authenticated Code Exec
CVE-2023-6794 Published on December 13, 2023
PAN-OS: File Upload Vulnerability in the Web Interface
An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall.
Vulnerability Analysis
CVE-2023-6794 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and no impact on availability.
Timeline
Initial publication
Weakness Type
What is an Unrestricted File Upload Vulnerability?
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CVE-2023-6794 has been classified to as an Unrestricted File Upload vulnerability or weakness.
Products Associated with CVE-2023-6794
Want to know whenever a new CVE is published for Palo Alto Networks PAN-OS? stack.watch will email you.
Affected Versions
Palo Alto Networks PAN-OS:- Version 8.1 and below 8.1.26 is affected.
- Version 9.0 and below 9.0.17-h1 is affected.
- Version 9.1 and below 9.1.14 is affected.
- Version 10.1 and below All is unaffected.
- Version 10.2 and below All is unaffected.
- Version 11.0 and below All is unaffected.
- Version 11.1 and below All is unaffected.
- Version All is unaffected.
- Version All is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.