漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
PAN-OS: Spoofed Kerberos key distribution center authentication bypass
Vulnerability Description
An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All version of PAN-OS 8.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
使用欺骗进行的认证绕过
Vulnerability Title
Palo Alto Networks PAN-OS 安全漏洞
Vulnerability Description
Palo Alto Networks PAN-OS是美国Palo Alto Networks公司的一套为其防火墙设备开发的操作系统。 Palo Alto Networks PAN-OS中的身份验证程序和User-ID组件存在安全漏洞,该漏洞源于在验证用户之前无法验证Kerberos密钥分发中心(KDC)的完整性。攻击者可利用该漏洞以管理员身份登录PAN-OS。以下产品及版本受到影响:PAN-OS 7.1.26之前的7.1.x版本,8.1.13之前的8.1.x版本,9.0.6之前的9.0.x版本,8.0所有
CVSS Information
N/A
Vulnerability Type
N/A