CVE-2023-6791: 
PAN-OS vulnerability analysis and mitigation

A credential disclosure vulnerability was discovered in Palo Alto Networks PAN-OS software, identified as CVE-2023-6791. The vulnerability was disclosed on December 13, 2023, affecting multiple versions of PAN-OS software. This security flaw enables authenticated read-only administrators to access plaintext credentials of stored external system integrations, including LDAP, SCP, RADIUS, TACACS+, and SNMP through the web interface (Palo Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. It is classified under CWE-522 (Insufficiently Protected Credentials) and CWE-701 (Weaknesses Introduced During Design). The vulnerability affects multiple versions of PAN-OS, including versions 8.1.0-8.1.24, 9.0.0-9.0.17, 9.1.0-9.1.16, 10.0.0-10.0.12, 10.1.0-10.1.9, 10.2.0-10.2.4, and 11.0.0 (NVD).

The vulnerability allows authenticated read-only administrators to obtain plaintext credentials for external system integrations. This exposure could potentially lead to unauthorized access to connected systems and services if the exposed credentials are misused. The vulnerability primarily affects the confidentiality of the system, with high subsequent confidentiality impact (Palo Advisory).

Palo Alto Networks has released fixes in PAN-OS versions 8.1.24-h1, 9.0.17, 9.1.16, 10.0.12, 10.1.9, 10.2.4, 11.0.1, and all later versions. After upgrading to a fixed version, administrators should issue new credentials for the impacted external integrations to prevent misuse of previously exposed credentials. The impact can be mitigated by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation (Palo Advisory).