CVE-2024-5916 MEDIUM

CVE-2024-5916: PAN-OS: Cleartext Exposure of External System Secrets

Vendor Palo Alto Networks
Product PAN-OS
Weakness CWE-313
Published August 14, 2024
Last update April 30, 2025

CVSS base score

6.0/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/AU:N/R:U/V:C/RE:H/U:Amber

What the vulnerability does

01 Description

An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log can read secrets, passwords, and tokens to external systems.

Key dates

02 Disclosure timeline

August 14, 2024 CVE published
April 30, 2025 Record updated
