fkie_cve-2025-0124
Vulnerability from fkie_nvd
Published
2025-04-11 02:15
Modified
2025-04-11 15:39
Severity ?
Summary
An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files.
The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue affects Cloud NGFW. However, this issue does not affect Prisma® Access software.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS\u00ae software enables an authenticated attacker with network access to the management web interface to delete certain files as the \u201cnobody\u201d user; this includes limited logs and configuration files but does not include system files.\n\nThe attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue affects Cloud NGFW. However, this issue does not affect Prisma\u00ae Access software."
},
{
"lang": "es",
"value": "Una vulnerabilidad de eliminaci\u00f3n de archivos autenticados en el software PAN-OS\u00ae de Palo Alto Networks permite que un atacante autenticado con acceso de red a la interfaz web de administraci\u00f3n elimine ciertos archivos como usuario \u201cnobody\u201d; Esto incluye registros y archivos de configuraci\u00f3n limitados, pero no incluye archivos del sistema. El atacante debe tener acceso a la red a la interfaz web de administraci\u00f3n para explotar este problema. Puede reducir en gran medida el riesgo de que se produzca este problema al restringir el acceso a la interfaz web de administraci\u00f3n solo a direcciones IP internas confiables de acuerdo con nuestras pautas de implementaci\u00f3n cr\u00edtica recomendadas https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431. Este problema afecta a Cloud NGFW. Sin embargo, este problema no afecta al software Prisma\u00ae Access."
}
],
"id": "CVE-2025-0124",
"lastModified": "2025-04-11T15:39:52.920",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
}
]
},
"published": "2025-04-11T02:15:18.663",
"references": [
{
"source": "psirt@paloaltonetworks.com",
"url": "https://security.paloaltonetworks.com/CVE-2025-0124"
}
],
"sourceIdentifier": "psirt@paloaltonetworks.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-73"
}
],
"source": "psirt@paloaltonetworks.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…