Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2025-0037
Vulnerability from csaf_certbund
Published
2025-01-08 23:00
Modified
2025-01-08 23:00
Summary
PaloAlto Networks Expedition: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Palo Alto Expedition ist eine Next-Generation-Firewall (NGFW)-Plattform
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in PaloAlto Networks Expedition ausnutzen, um Daten zu manipulieren, Informationen offenzulegen, einen Cross Site Scripting Angriff durchzuführen, oder Befehle auszuführen.
Betroffene Betriebssysteme
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Palo Alto Expedition ist eine Next-Generation-Firewall (NGFW)-Plattform", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in PaloAlto Networks Expedition ausnutzen, um Daten zu manipulieren, Informationen offenzulegen, einen Cross Site Scripting Angriff durchzuführen, oder Befehle auszuführen.", title: "Angriff", }, { category: "general", text: "- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2025-0037 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0037.json", }, { category: "self", summary: "WID-SEC-2025-0037 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0037", }, { category: "external", summary: "Palo Alto Networks Security Advisories vom 2025-01-08", url: "https://security.paloaltonetworks.com/PAN-SA-2025-0001", }, ], source_lang: "en-US", title: "PaloAlto Networks Expedition: Mehrere Schwachstellen", tracking: { current_release_date: "2025-01-08T23:00:00.000+00:00", generator: { date: "2025-01-09T12:42:10.957+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2025-0037", initial_release_date: "2025-01-08T23:00:00.000+00:00", revision_history: [ { date: "2025-01-08T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<1.2.101", product: { name: "PaloAlto Networks Expedition <1.2.101", product_id: "T040073", }, }, { category: "product_version", name: "1.2.101", product: { name: "PaloAlto Networks Expedition 1.2.101", product_id: "T040073-fixed", product_identification_helper: { cpe: "cpe:/a:paloaltonetworks:expedition:1.2.101", }, }, }, ], category: "product_name", name: "Expedition", }, ], category: "vendor", name: "PaloAlto Networks", }, ], }, vulnerabilities: [ { cve: "CVE-2025-0103", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in PaloAlto Networks Expedition. Es handelt sich um eine SQL-Injection-Schwachstelle. Ein entfernter, authentifizierter Angreifer kann dadurch kritische Informationen wie Passwort-Hashes, Benutzernamen, Gerätekonfigurationen und API-Keys ausspionieren und manipulieren.", }, ], product_status: { known_affected: [ "T040073", ], }, release_date: "2025-01-08T23:00:00.000+00:00", title: "CVE-2025-0103", }, { cve: "CVE-2025-0104", notes: [ { category: "description", text: "In PaloAlto Networks Expedition existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden in Expedition nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.", }, ], product_status: { known_affected: [ "T040073", ], }, release_date: "2025-01-08T23:00:00.000+00:00", title: "CVE-2025-0104", }, { cve: "CVE-2025-0105", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in PaloAlto Networks Expedition. Es handelt sich um eine Schwachstelle es ermöglicht Dateien auf dem Expidition Datei-System zu löschen. Ein entfernter, anonymer Angreifer kann diese Ausnutzen um Dateien zu manipulieren oder zu löschen .", }, ], product_status: { known_affected: [ "T040073", ], }, release_date: "2025-01-08T23:00:00.000+00:00", title: "CVE-2025-0105", }, { cve: "CVE-2025-0106", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in PaloAlto Networks Expedition. Es handelt sich um eine \"wildcard expansion\"-Schwachstelle, die die unsichere Handhabung von Wildcards für Dateien und Argumente ausnutzt. Ein entfernter, anonymer Angreifer kann dadurch Schädliche Dateien anlegen oder Informationen Manipulieren.", }, ], product_status: { known_affected: [ "T040073", ], }, release_date: "2025-01-08T23:00:00.000+00:00", title: "CVE-2025-0106", }, { cve: "CVE-2025-0107", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in PaloAlto Networks Expedition. Hierbei handelt es sich um eine OS Command Injection-Schwachstelle, die es ermöglicht, ohne ausreichende Validierung schädliche Eingaben in das Betriebssystem vorzunehmen. Ein entfernter, authentisierter Angreifer kann beliebige OS Befehle ausführen und dadurch weitere Informationen offenlegen.", }, ], product_status: { known_affected: [ "T040073", ], }, release_date: "2025-01-08T23:00:00.000+00:00", title: "CVE-2025-0107", }, ], }
cve-2025-0104
Vulnerability from cvelistv5
Published
2025-01-11 03:00
Modified
2025-01-13 19:51
Severity ?
Summary
A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browser if that authenticated user clicks a malicious link that allows phishing attacks and could lead to Expedition browser-session theft.
References
▼ | URL | Tags |
---|---|---|
https://security.paloaltonetworks.com/PAN-SA-2025-0001 | vendor-advisory |
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Palo Alto Networks | Cloud NGFW |
Patch: All |
|||||||||||||||||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-0104", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-13T19:51:18.710027Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-13T19:51:27.183Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cloud NGFW", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Expedition", vendor: "Palo Alto Networks", versions: [ { changes: [ { at: "1.2.100", status: "unaffected", }, ], lessThan: "1.2.100", status: "affected", version: "1", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Panorama", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "PAN-OS", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Prisma Access", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "No special configuration is required to be affected by this issue.", }, ], value: "No special configuration is required to be affected by this issue.", }, ], credits: [ { lang: "en", type: "finder", value: "Mesut Cetin of RedTeamer IT Security", }, { lang: "en", type: "finder", value: "Advanced Research Team, CrowdStrike", }, ], datePublic: "2025-01-08T17:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browser if that authenticated user clicks a malicious link that allows phishing attacks and could lead to Expedition browser-session theft.", }, ], value: "A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browser if that authenticated user clicks a malicious link that allows phishing attacks and could lead to Expedition browser-session theft.", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], impacts: [ { capecId: "CAPEC-63", descriptions: [ { lang: "en", value: "CAPEC-63 Cross-Site Scripting (XSS)", }, ], }, ], metrics: [ { cvssV4_0: { Automatable: "NO", Recovery: "USER", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 7, baseSeverity: "HIGH", privilegesRequired: "NONE", providerUrgency: "AMBER", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "ACTIVE", valueDensity: "CONCENTRATED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "HIGH", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-11T03:00:40.318Z", orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", shortName: "palo_alto", }, references: [ { tags: [ "vendor-advisory", ], url: "https://security.paloaltonetworks.com/PAN-SA-2025-0001", }, ], solutions: [ { lang: "eng", supportingMedia: [ { base64: false, type: "text/html", value: "This issue is fixed in Expedition 1.2.100 and all later versions* of Expedition.<br><br>* Expedition <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642\">reached its End of Life (EoL) date</a> and is no longer supported. We added these fixes prior to the EoL date and we do not plan to make any additional updates or security fixes. Please use the suggested alternatives listed in <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642\">the Expedition End of Life Announcement</a>.", }, ], value: "This issue is fixed in Expedition 1.2.100 and all later versions* of Expedition.\n\n* Expedition reached its End of Life (EoL) date https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642 and is no longer supported. We added these fixes prior to the EoL date and we do not plan to make any additional updates or security fixes. Please use the suggested alternatives listed in the Expedition End of Life Announcement https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642 .", }, ], source: { discovery: "EXTERNAL", }, tags: [ "unsupported-when-assigned", ], timeline: [ { lang: "en", time: "2025-01-08T17:00:00.000Z", value: "Initial publication", }, ], title: "Expedition: Cross-Site Scripting (XSS) Vulnerability", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Ensure that all network access to Expedition is restricted to only authorized users, hosts, and networks. If you are not actively using Expedition, make sure that your Expedition software is shut down.", }, ], value: "Ensure that all network access to Expedition is restricted to only authorized users, hosts, and networks. If you are not actively using Expedition, make sure that your Expedition software is shut down.", }, ], x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", assignerShortName: "palo_alto", cveId: "CVE-2025-0104", datePublished: "2025-01-11T03:00:40.318Z", dateReserved: "2024-12-20T23:23:02.943Z", dateUpdated: "2025-01-13T19:51:27.183Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-0103
Vulnerability from cvelistv5
Published
2025-01-11 02:59
Modified
2025-01-13 19:52
Severity ?
EPSS score ?
Summary
An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system.
References
▼ | URL | Tags |
---|---|---|
https://security.paloaltonetworks.com/PAN-SA-2025-0001 | vendor-advisory |
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Palo Alto Networks | Cloud NGFW |
Patch: All |
|||||||||||||||||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-0103", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-13T19:52:37.496583Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-13T19:52:47.949Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cloud NGFW", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Expedition", vendor: "Palo Alto Networks", versions: [ { changes: [ { at: "1.2.100", status: "unaffected", }, ], lessThan: "1.2.100", status: "affected", version: "1", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Panorama", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "PAN-OS", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Prisma Access", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "No special configuration is required to be affected by this issue.", }, ], value: "No special configuration is required to be affected by this issue.", }, ], credits: [ { lang: "en", type: "finder", value: "Mesut Cetin of RedTeamer IT Security", }, ], datePublic: "2025-01-08T17:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system.", }, ], value: "An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system.", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], impacts: [ { capecId: "CAPEC-66", descriptions: [ { lang: "en", value: "CAPEC-66 SQL Injection", }, ], }, ], metrics: [ { cvssV4_0: { Automatable: "NO", Recovery: "USER", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 9.2, baseSeverity: "CRITICAL", privilegesRequired: "NONE", providerUrgency: "AMBER", subAvailabilityImpact: "NONE", subConfidentialityImpact: "HIGH", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "CONCENTRATED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "HIGH", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-89", description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-11T02:59:51.177Z", orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", shortName: "palo_alto", }, references: [ { tags: [ "vendor-advisory", ], url: "https://security.paloaltonetworks.com/PAN-SA-2025-0001", }, ], solutions: [ { lang: "eng", supportingMedia: [ { base64: false, type: "text/html", value: "This issue is fixed in Expedition 1.2.100 and all later versions* of Expedition.<br><br>* Expedition <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642\">reached its End of Life (EoL) date</a> and is no longer supported. We added these fixes prior to the EoL date and we do not plan to make any additional updates or security fixes. Please use the suggested alternatives listed in <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642\">the Expedition End of Life Announcement</a>.", }, ], value: "This issue is fixed in Expedition 1.2.100 and all later versions* of Expedition.\n\n* Expedition reached its End of Life (EoL) date https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642 and is no longer supported. We added these fixes prior to the EoL date and we do not plan to make any additional updates or security fixes. Please use the suggested alternatives listed in the Expedition End of Life Announcement https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642 .", }, ], source: { discovery: "EXTERNAL", }, tags: [ "unsupported-when-assigned", ], timeline: [ { lang: "en", time: "2025-01-08T17:00:00.000Z", value: "Initial publication", }, ], title: "Expedition: SQL Injection Vulnerability", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Ensure that all network access to Expedition is restricted to only authorized users, hosts, and networks. If you are not actively using Expedition, make sure that your Expedition software is shut down.", }, ], value: "Ensure that all network access to Expedition is restricted to only authorized users, hosts, and networks. If you are not actively using Expedition, make sure that your Expedition software is shut down.", }, ], x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", assignerShortName: "palo_alto", cveId: "CVE-2025-0103", datePublished: "2025-01-11T02:59:51.177Z", dateReserved: "2024-12-20T23:22:57.417Z", dateUpdated: "2025-01-13T19:52:47.949Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-0107
Vulnerability from cvelistv5
Published
2025-01-11 03:02
Modified
2025-01-24 04:56
Severity ?
EPSS score ?
Summary
An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.
References
▼ | URL | Tags |
---|---|---|
https://security.paloaltonetworks.com/PAN-SA-2025-0001 | vendor-advisory |
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Palo Alto Networks | Cloud NGFW |
Patch: All |
|||||||||||||||||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-0107", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-23T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-24T04:56:01.054Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cloud NGFW", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Expedition", vendor: "Palo Alto Networks", versions: [ { changes: [ { at: "1.2.100", status: "unaffected", }, ], lessThan: "1.2.100", status: "affected", version: "1", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Panorama", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "PAN-OS", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Prisma Access", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "No special configuration is required to be affected by this issue.", }, ], value: "No special configuration is required to be affected by this issue.", }, ], credits: [ { lang: "en", type: "finder", value: "An independent security researcher working with SSD Secure Disclosure", }, { lang: "en", type: "finder", value: "Advanced Research Team, CrowdStrike", }, ], datePublic: "2025-01-08T17:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.", }, ], value: "An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], impacts: [ { capecId: "CAPEC-88", descriptions: [ { lang: "en", value: "CAPEC-88 OS Command Injection", }, ], }, ], metrics: [ { cvssV4_0: { Automatable: "NO", Recovery: "USER", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 7.7, baseSeverity: "HIGH", privilegesRequired: "NONE", providerUrgency: "GREEN", subAvailabilityImpact: "NONE", subConfidentialityImpact: "HIGH", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "CONCENTRATED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Green", version: "4.0", vulnAvailabilityImpact: "LOW", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "HIGH", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-15T22:23:29.276Z", orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", shortName: "palo_alto", }, references: [ { tags: [ "vendor-advisory", ], url: "https://security.paloaltonetworks.com/PAN-SA-2025-0001", }, ], solutions: [ { lang: "eng", supportingMedia: [ { base64: false, type: "text/html", value: "This issue is fixed in Expedition 1.2.100 and all later versions* of Expedition.<br><br>* Expedition <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642\">reached its End of Life (EoL) date</a> and is no longer supported. We added these fixes prior to the EoL date and we do not plan to make any additional updates or security fixes. Please use the suggested alternatives listed in <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642\">the Expedition End of Life Announcement</a>.", }, ], value: "This issue is fixed in Expedition 1.2.100 and all later versions* of Expedition.\n\n* Expedition reached its End of Life (EoL) date https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642 and is no longer supported. We added these fixes prior to the EoL date and we do not plan to make any additional updates or security fixes. Please use the suggested alternatives listed in the Expedition End of Life Announcement https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642 .", }, ], source: { discovery: "EXTERNAL", }, tags: [ "unsupported-when-assigned", ], timeline: [ { lang: "en", time: "2025-01-08T17:00:00.000Z", value: "Initial publication", }, { lang: "en", time: "2025-01-15T00:30:00.000Z", value: "Corrected the CVSS score to note that authentication is not needed", }, ], title: "Expedition: OS Command Injection Vulnerability", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Ensure that all network access to Expedition is restricted to only authorized users, hosts, and networks. If you are not actively using Expedition, make sure that your Expedition software is shut down.", }, ], value: "Ensure that all network access to Expedition is restricted to only authorized users, hosts, and networks. If you are not actively using Expedition, make sure that your Expedition software is shut down.", }, ], x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", assignerShortName: "palo_alto", cveId: "CVE-2025-0107", datePublished: "2025-01-11T03:02:49.517Z", dateReserved: "2024-12-20T23:23:09.397Z", dateUpdated: "2025-01-24T04:56:01.054Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-0106
Vulnerability from cvelistv5
Published
2025-01-11 03:02
Modified
2025-01-13 19:48
Severity ?
EPSS score ?
Summary
A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem.
References
▼ | URL | Tags |
---|---|---|
https://security.paloaltonetworks.com/PAN-SA-2025-0001 | vendor-advisory |
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Palo Alto Networks | Cloud NGFW |
Patch: All |
|||||||||||||||||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-0106", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-13T19:48:34.201820Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-13T19:48:42.286Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cloud NGFW", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Expedition", vendor: "Palo Alto Networks", versions: [ { changes: [ { at: "1.2.101", status: "unaffected", }, ], lessThan: "1.2.101", status: "affected", version: "1", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Panorama", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "PAN-OS", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Prisma Access", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "No special configuration is required to be affected by this issue.", }, ], value: "No special configuration is required to be affected by this issue.", }, ], credits: [ { lang: "en", type: "finder", value: "Advanced Research Team, CrowdStrike", }, ], datePublic: "2025-01-08T17:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem.", }, ], value: "A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem.", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], impacts: [ { capecId: "CAPEC-127", descriptions: [ { lang: "en", value: "CAPEC-127 Directory Indexing", }, ], }, ], metrics: [ { cvssV4_0: { Automatable: "NO", Recovery: "USER", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 6.9, baseSeverity: "MEDIUM", privilegesRequired: "NONE", providerUrgency: "GREEN", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "CONCENTRATED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Green", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "LOW", vulnIntegrityImpact: "NONE", vulnerabilityResponseEffort: "HIGH", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-155", description: "CWE-155 Improper Neutralization of Wildcards or Matching Symbols", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-11T03:02:24.574Z", orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", shortName: "palo_alto", }, references: [ { tags: [ "vendor-advisory", ], url: "https://security.paloaltonetworks.com/PAN-SA-2025-0001", }, ], solutions: [ { lang: "eng", supportingMedia: [ { base64: false, type: "text/html", value: "This issue is fixed in Expedition 1.2.101 and all later versions* of Expedition.<br><br>* Expedition <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642\">reached its End of Life (EoL) date</a> and is no longer supported. We added these fixes prior to the EoL date and we do not plan to make any additional updates or security fixes. Please use the suggested alternatives listed in <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642\">the Expedition End of Life Announcement</a>.", }, ], value: "This issue is fixed in Expedition 1.2.101 and all later versions* of Expedition.\n\n* Expedition reached its End of Life (EoL) date https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642 and is no longer supported. We added these fixes prior to the EoL date and we do not plan to make any additional updates or security fixes. Please use the suggested alternatives listed in the Expedition End of Life Announcement https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642 .", }, ], source: { discovery: "EXTERNAL", }, tags: [ "unsupported-when-assigned", ], timeline: [ { lang: "en", time: "2025-01-08T17:00:00.000Z", value: "Initial publication", }, ], title: "Expedition: Wildcard Expansion Vulnerability", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Ensure that all network access to Expedition is restricted to only authorized users, hosts, and networks. If you are not actively using Expedition, make sure that your Expedition software is shut down.", }, ], value: "Ensure that all network access to Expedition is restricted to only authorized users, hosts, and networks. If you are not actively using Expedition, make sure that your Expedition software is shut down.", }, ], x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", assignerShortName: "palo_alto", cveId: "CVE-2025-0106", datePublished: "2025-01-11T03:02:24.574Z", dateReserved: "2024-12-20T23:23:08.270Z", dateUpdated: "2025-01-13T19:48:42.286Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-0105
Vulnerability from cvelistv5
Published
2025-01-11 03:01
Modified
2025-01-13 19:50
Severity ?
EPSS score ?
Summary
An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.
References
▼ | URL | Tags |
---|---|---|
https://security.paloaltonetworks.com/PAN-SA-2025-0001 | vendor-advisory |
Impacted products
Vendor | Product | Version | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Palo Alto Networks | Cloud NGFW |
Patch: All |
|||||||||||||||||||||
|
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-0105", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-13T19:50:27.951601Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-13T19:50:31.391Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Cloud NGFW", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Expedition", vendor: "Palo Alto Networks", versions: [ { changes: [ { at: "1.2.101", status: "unaffected", }, ], lessThan: "1.2.101", status: "affected", version: "1", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Panorama", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "PAN-OS", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Prisma Access", vendor: "Palo Alto Networks", versions: [ { status: "unaffected", version: "All", versionType: "custom", }, ], }, ], configurations: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "No special configuration is required to be affected by this issue.", }, ], value: "No special configuration is required to be affected by this issue.", }, ], credits: [ { lang: "en", type: "finder", value: "Advanced Research Team, CrowdStrike", }, ], datePublic: "2025-01-08T17:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.", }, ], value: "An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem.", }, ], exploits: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], value: "Palo Alto Networks is not aware of any malicious exploitation of this issue.", }, ], impacts: [ { capecId: "CAPEC-165", descriptions: [ { lang: "en", value: "CAPEC-165 File Manipulation", }, ], }, ], metrics: [ { cvssV4_0: { Automatable: "NO", Recovery: "USER", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", baseScore: 6.9, baseSeverity: "MEDIUM", privilegesRequired: "NONE", providerUrgency: "GREEN", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "CONCENTRATED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Green", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "HIGH", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-73", description: "CWE-73 External Control of File Name or Path", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-11T03:01:24.168Z", orgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", shortName: "palo_alto", }, references: [ { tags: [ "vendor-advisory", ], url: "https://security.paloaltonetworks.com/PAN-SA-2025-0001", }, ], solutions: [ { lang: "eng", supportingMedia: [ { base64: false, type: "text/html", value: "This issue is fixed in Expedition 1.2.101 and all later versions* of Expedition.<br><br>* Expedition <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642\">reached its End of Life (EoL) date</a> and is no longer supported. We added these fixes prior to the EoL date and we do not plan to make any additional updates or security fixes. Please use the suggested alternatives listed in <a target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642\">the Expedition End of Life Announcement</a>.", }, ], value: "This issue is fixed in Expedition 1.2.101 and all later versions* of Expedition.\n\n* Expedition reached its End of Life (EoL) date https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642 and is no longer supported. We added these fixes prior to the EoL date and we do not plan to make any additional updates or security fixes. Please use the suggested alternatives listed in the Expedition End of Life Announcement https://live.paloaltonetworks.com/t5/expedition-articles/important-update-end-of-life-announcement-for-palo-alto-networks/ta-p/589642 .", }, ], source: { discovery: "EXTERNAL", }, tags: [ "unsupported-when-assigned", ], timeline: [ { lang: "en", time: "2025-01-08T17:00:00.000Z", value: "Initial publication", }, ], title: "Expedition: Arbitrary File Deletion Vulnerability", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Ensure that all network access to Expedition is restricted to only authorized users, hosts, and networks. If you are not actively using Expedition, make sure that your Expedition software is shut down.", }, ], value: "Ensure that all network access to Expedition is restricted to only authorized users, hosts, and networks. If you are not actively using Expedition, make sure that your Expedition software is shut down.", }, ], x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", assignerShortName: "palo_alto", cveId: "CVE-2025-0105", datePublished: "2025-01-11T03:01:24.168Z", dateReserved: "2024-12-20T23:23:06.874Z", dateUpdated: "2025-01-13T19:50:31.391Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.