[Palo Alto Networks Security Advisories] CVE-2024-5916 PAN-OS: Cleartext Exposure of External System Secrets
Palo Alto Networks Security Advisories /CVE-2024-5916
CVE-2024-5916 PAN-OS: Cleartext Exposure of External System Secrets
Description
An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log, can read secrets, passwords, and tokens to external systems.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Cloud NGFW | None | All |
| PAN-OS 11.2 | None | All |
| PAN-OS 11.1 | None | All |
| PAN-OS 11.0 | < 11.0.4 | >= 11.0.4 |
| PAN-OS 10.2 | < 10.2.7-h13 < 10.2.8 | >= 10.2.7-h13 >= 10.2.8 |
| PAN-OS 10.1 | None | All |
| PAN-OS 9.1 | None | All |
| Prisma Access | None | All |
Required Configuration for Exposure
No special configuration is needed to be affected by this issue.
Severity:MEDIUM, Suggested Urgency:MODERATE
CVSS-BT:6.0 /CVSS-B:6.0 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type
CWE-313: Cleartext Storage in a File or on Disk
Solution
This issue is fixed in PAN-OS 10.2.8, PAN-OS 11.0.4, and all later PAN-OS versions. This issue is fixed in Cloud NGFW on or after 8/15 on Azure, Cloud NGFW on or after 8/23 on AWS, and all later Cloud NGFW versions.You should also revoke the secrets, passwords, and tokens that are configured in all server profiles of affected PAN-OS firewalls (Device > Server Profiles) after upgrading PAN-OS.
Workarounds and Mitigations
No known workarounds or mitigations exist for this issue.
Acknowledgments
CPEs
cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*
Timeline
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
