PAN-OS Local Auth Info Exposure via Config Log
CVE-2024-5916 Published on August 14, 2024

PAN-OS: Cleartext Exposure of External System Secrets
An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log can then read those secrets, passwords, and tokens for external systems.
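As an added example (not code from the advisory or from Palo Alto Networks), this is the audit a practitioner would run after such a disclosure: scan an export of the config log for cleartext credentials in the change-detail field so that every exposed external-system secret can be rotated, alongside the redaction a logger should apply to that field before it is written to disk where a read-only role can see it. The record layout, field names, sensitive-key list and sample records are all constructed for illustration; they are not PAN-OS's actual config-log schema.

```python
"""
Scan exported configuration-log records for cleartext secrets, and show the
redaction a logger should apply before storing change details.

The record layout here is a constructed, simplified one (tab-separated
seq, admin, path, detail); it is NOT PAN-OS's config-log schema, and the
sample records below are made up.
"""
import re
from dataclasses import dataclass

# Keys whose values are secrets for an external system (LDAP bind, RADIUS
# shared secret, API tokens). Assumed names, chosen for this example.
SENSITIVE_KEYS = ("password", "bind-password", "secret", "shared-secret",
                  "token", "api-key", "private-key")
REDACTED = "********"

# key=value pairs inside a change-detail string; values may be double-quoted.
_KV_RE = re.compile(r'(?P<key>[A-Za-z0-9_.-]+)=(?P<val>"[^"]*"|\S+)')


@dataclass
class Finding:
    seq: int
    admin: str
    path: str
    key: str
    value: str


def parse_record(line: str) -> dict:
    """Parse one constructed record into its four fields."""
    seq, admin, path, detail = line.rstrip("\n").split("\t", 3)
    return {"seq": int(seq), "admin": admin, "path": path, "detail": detail}


def is_sensitive(key: str) -> bool:
    """True if the key names a credential (exact match or a '-'/'_' suffix)."""
    k = key.lower()
    return any(k == s or k.endswith("-" + s) or k.endswith("_" + s)
               for s in SENSITIVE_KEYS)


def scan_config_log(lines) -> list:
    """Return one Finding per cleartext secret in a change-detail field.
    Values already masked with REDACTED are not reported."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_record(line)
        for m in _KV_RE.finditer(rec["detail"]):
            val = m.group("val").strip('"')
            if is_sensitive(m.group("key")) and val != REDACTED:
                findings.append(Finding(rec["seq"], rec["admin"], rec["path"],
                                        m.group("key"), val))
    return findings


def redact_change_detail(detail: str) -> str:
    """Mask the values of sensitive keys; the hardened form of what gets logged."""
    def _mask(m):
        if is_sensitive(m.group("key")):
            return f'{m.group("key")}={REDACTED}'
        return m.group(0)
    return _KV_RE.sub(_mask, detail)


def redact_record(line: str) -> str:
    """Rebuild a record with its change-detail field redacted."""
    rec = parse_record(line)
    return "\t".join([str(rec["seq"]), rec["admin"], rec["path"],
                      redact_change_detail(rec["detail"])])


# Constructed sample records (not real PAN-OS output).
SAMPLE_LOG = [
    '101\tadmin\tshared/server-profile/ldap/corp-ldap\tbind-dn=cn=svc,dc=example,dc=com bind-password="Winter2024!" port=636',
    '102\tadmin\tshared/server-profile/radius/corp-rad\tserver=10.0.0.5 secret=r4d1us-sh4red port=1812',
    '103\tnetops\tnetwork/interface/ethernet1/1\tmtu=1500 comment=uplink',
    '104\tadmin\tshared/log-settings/http/siem\tlogin=splunk api-key="abc123" token=xyz',
]

if __name__ == "__main__":
    for f in scan_config_log(SAMPLE_LOG):
        print(f"seq={f.seq} admin={f.admin} path={f.path}: rotate {f.key}")
    for line in SAMPLE_LOG:
        print(redact_record(line))
```

The scanner keys on field names rather than on value entropy, because the secrets that matter here (bind passwords, shared secrets, tokens) are whatever the administrator typed and may be short or dictionary words; each finding names the configuration path so the corresponding external-system credential can be rotated, and the redaction keeps the path and non-secret attributes intact so the log stays useful for change tracking.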


Timeline

Initial publication

Updated fix availability for PAN-OS 10.2 259 days later.

Weakness Type

Cleartext Storage in a File or on Disk

The application stores sensitive information in cleartext in a file, or on disk. The sensitive information could be read by attackers with access to the file, or with physical or administrator access to the raw disk. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.


Products Associated with CVE-2024-5916


Affected Versions

Palo Alto Networks PAN-OS
Palo Alto Networks Cloud NGFW
Palo Alto Networks Prisma Access

Exploit Probability

EPSS
0.08%
Percentile
24.27%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows how this score compares with the scores of all other vulnerabilities.