PT-2025-15870 · Palo Alto Networks · Pan-Os
Saurabh Tripathi
·
Published
2025-04-09
·
Updated
2025-04-13
·
CVE-2025-0123
CVSS v4.0
5.9
Medium
| Vector | AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber |
Name of the Vulnerable Software and Affected Versions:
PAN-OS versions (affected versions not specified)
Description:
A vulnerability in the PAN-OS software allows unlicensed administrators to view clear-text data captured using the packet capture feature in decrypted HTTP/2 data streams traversing network interfaces on the firewall. This issue does not impact HTTP/1.1 data streams. To exploit this issue, an administrator must obtain network access to the management interface and successfully authenticate. The risk of this issue can be reduced by restricting access to the management interface to only trusted administrators and from only internal IP addresses.
Recommendations:
For all affected versions, restrict access to the management interface to only trusted administrators and from only internal IP addresses to minimize the risk of exploitation.
As a temporary workaround, consider disabling the packet capture feature for HTTP/2 data streams until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pan-Os