CVE-2012-6603

The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2012-6603

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os:3.1.9:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:3.1.10:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:4.0.0:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:4.0.1:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:4.0.2:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:4.0.3:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:4.0.4:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:4.0.5:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:4.0.6:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:4.0.7:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:4.0.8:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:4.1.0:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:4.1.1:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:4.1.2:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:4.1.3:::::::*

History

No history.

Information

Published : 2013-08-31 17:55

Updated : 2023-12-10 11:16

NVD link : CVE-2012-6603

Mitre link : CVE-2012-6603

CVE.ORG link : CVE-2012-6603

JSON object : View

Products Affected

paloaltonetworks

pan-os

CWE

CWE-287

Improper Authentication

{"id": "CVE-2012-6603", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-08-31T17:55:03.437", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2012-6603", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034."}, {"lang": "es", "value": "La gesti\u00f3n del dispositivo a trav\u00e9s del interfaz web en Palo Alto Networks PAN-OS anterior a 3.1.12, 4.0.x anterior a 4.0.10 y 4.1.x anterior a 4.1.4, permite a usuarios autenticados remotamente evitar la autenticaci\u00f3n y obtener privilegios de administrador. Aka Ref ID 37034."}], "lastModified": "2020-02-17T16:15:16.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91B39859-3571-4EF8-A455-4E2F90173AE6", "versionEndIncluding": "3.1.11"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:3.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E33D6F2-FBAF-4632-8813-7AC39D773A8B"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:3.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D64CE395-BE5B-41F7-AA15-480AC4478487"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9547FFD1-8161-45C4-BEC9-0BC30FA46A92"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0384B38B-C69B-4DAB-9276-7B10AAAD588F"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB324D9A-7A8A-4AD6-89F7-F4F9EA2441DE"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:4.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "540806F7-4C35-43CD-8AC0-7D9FAC42FEF5"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:4.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "818D028C-627D-49A4-ACD6-44821BA5106A"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:4.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C789DFD-189D-4CF3-A3BF-B2B854BEFE9A"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:4.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30831F67-692C-497A-8F33-59F57AE2D513"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:4.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81D87787-B186-46A2-8A11-0AEDFBD17D7A"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:4.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "779B0CEB-9BC0-4A54-9DDF-C37796E51D2D"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:4.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E1861E9-228B-4A82-B885-987CEFAA7974"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:4.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C3773D9-21A6-4102-879B-C902D7F33F1F"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:4.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17BB4059-3A6E-451F-BE4F-BF14C8186F9F"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:4.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81D4D653-1BBD-4228-AE3F-62C9F75DE8AB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}