Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-6596

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-31 Aug, 2013 | 17:00
Updated At-06 Aug, 2024 | 21:36
Rejected At-
Credits

Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 stores cleartext LDAP bind passwords in authd.log, which allows context-dependent attackers to obtain sensitive information by reading this file, aka Ref ID 35493.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:31 Aug, 2013 | 17:00
Updated At:06 Aug, 2024 | 21:36
Rejected At:
▼CVE Numbering Authority (CNA)

Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 stores cleartext LDAP bind passwords in authd.log, which allows context-dependent attackers to obtain sensitive information by reading this file, aka Ref ID 35493.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.paloaltonetworks.com/CVE-2012-6596
x_refsource_CONFIRM
Hyperlink: https://security.paloaltonetworks.com/CVE-2012-6596
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.paloaltonetworks.com/CVE-2012-6596
x_refsource_CONFIRM
x_transferred
Hyperlink: https://security.paloaltonetworks.com/CVE-2012-6596
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:31 Aug, 2013 | 17:55
Updated At:11 Apr, 2025 | 00:51

Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 stores cleartext LDAP bind passwords in authd.log, which allows context-dependent attackers to obtain sensitive information by reading this file, aka Ref ID 35493.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>4.0.0
cpe:2.3:o:paloaltonetworks:pan-os:4.0.0:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>4.0.1
cpe:2.3:o:paloaltonetworks:pan-os:4.0.1:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>4.0.2
cpe:2.3:o:paloaltonetworks:pan-os:4.0.2:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>4.0.3
cpe:2.3:o:paloaltonetworks:pan-os:4.0.3:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>4.0.4
cpe:2.3:o:paloaltonetworks:pan-os:4.0.4:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>4.0.5
cpe:2.3:o:paloaltonetworks:pan-os:4.0.5:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>4.0.6
cpe:2.3:o:paloaltonetworks:pan-os:4.0.6:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>4.0.7
cpe:2.3:o:paloaltonetworks:pan-os:4.0.7:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>4.0.8
cpe:2.3:o:paloaltonetworks:pan-os:4.0.8:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>4.1.0
cpe:2.3:o:paloaltonetworks:pan-os:4.1.0:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>4.1.1
cpe:2.3:o:paloaltonetworks:pan-os:4.1.1:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>4.1.2
cpe:2.3:o:paloaltonetworks:pan-os:4.1.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-255Primarynvd@nist.gov
CWE ID: CWE-255
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.paloaltonetworks.com/CVE-2012-6596cve@mitre.org
N/A
https://security.paloaltonetworks.com/CVE-2012-6596af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://security.paloaltonetworks.com/CVE-2012-6596
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://security.paloaltonetworks.com/CVE-2012-6596
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2018-10142
Matching Score-8
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Palo Alto Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.75% / 72.18%
||
7 Day CHG~0.00%
Published-27 Nov, 2018 | 21:00
Updated-05 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-expeditionPalo Alto Networks Expedition
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-6356
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.23%
||
7 Day CHG~0.00%
Published-20 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors.

Action-Not Available
Vendor-n/aPalo Alto Networks, Inc.
Product-terminal_services_agentn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-2012
Matching Score-8
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Palo Alto Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-1.99% / 82.87%
||
7 Day CHG~0.00%
Published-13 May, 2020 | 19:07
Updated-17 Sep, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Panorama: XML external entity reference ('XXE') vulnerability leads the to information leak

Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. This issue affects: All versions of PAN-OS for Panorama 7.1 and 8.0; PAN-OS for Panorama 8.1 versions earlier than 8.1.13; PAN-OS for Panorama 9.0 versions earlier than 9.0.7.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osPAN-OS
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2017-15943
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 50.58%
||
7 Day CHG~0.00%
Published-11 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities.

Action-Not Available
Vendor-n/aPalo Alto Networks, Inc.
Product-pan-osn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2019-1572
Matching Score-8
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-8
Assigner-Palo Alto Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.34%
||
7 Day CHG~0.00%
Published-26 Mar, 2019 | 21:48
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osPAN-OS
CVE-2017-7945
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.30% / 53.21%
||
7 Day CHG~0.00%
Published-29 Apr, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769.

Action-Not Available
Vendor-n/aPalo Alto Networks, Inc.
Product-pan-osn/a
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
Details not found