CVE-2019-17437

High

An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to…

palo_alto·CWE-280·Published 2019-12-05

CVSS

7.8

EPSS

0.00

KEV

Exploits

cve.orgen

405 chars

An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.

NVDen

405 chars

NVDes

483 chars

Una comprobación de autenticación inapropiada en PAN-OS de Palo Alto Networks puede permitir a un usuario de rol personalizado no superusuario poco privilegiado autenticado elevar los privilegios y convertirse en superusuario. Este problema afecta a PAN-OS versiones 7.1 anteriores a 7.1.25; versiones 8.0 anteriores a 8.0.20; versiones 8.1 anteriores a 8.1.11; versiones 9.0 anteriores a 9.0.5. PAN-OS versión 7.0 y versiones EOL anteriores no han sido evaluadas para este problema.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	cve.org	7.8	—	—	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	7.8	—	—	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H