CVE-2023-6794: 
PAN-OS vulnerability analysis and mitigation

An arbitrary file upload vulnerability (CVE-2023-6794) was discovered in Palo Alto Networks PAN-OS software. The vulnerability was disclosed on December 13, 2023, and affects specific versions of PAN-OS software. This security issue enables an authenticated read-write administrator with access to the web interface to potentially compromise system security (Palo Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 5.9 (MEDIUM severity). The attack requires network access (AV:N), has low attack complexity (AC:L), requires high privileges (PR:H), and needs no user interaction (UI:N). The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and could potentially lead to high confidentiality impact and low integrity impact (Palo Advisory).

If exploited, this vulnerability could allow an attacker to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. The impact assessment indicates high confidentiality impact and low integrity impact, while availability impact is considered none (Palo Advisory).

The vulnerability has been fixed in PAN-OS versions 8.1.26, 9.0.17-h1, 9.1.14, and all later PAN-OS versions. Organizations can mitigate the impact by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation. Customers affected by the PAN-OS root and default certificate expiration issue should carefully select the fixed version when upgrading (Palo Advisory).