Published: 03/07/2018 Updated: 17/02/2020

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

The PAN-OS management web interface page in PAN-OS 6.1.20 and previous versions, PAN-OS 7.1.16 and previous versions, PAN-OS 8.0.8 and previous versions, and PAN-OS 8.1.0 may allow an malicious user to access the GlobalProtect password hashes of local users via manipulation of the HTML markup.

Vulnerable Product	Search on Vulmon	Subscribe to Product
paloaltonetworks pan-os
paloaltonetworks pan-os 8.1.0

CVE-2018-9334 Information Disclosure in the PAN-OS Management Web Interface ...

Highlights from vulnerabilities I've discovered and original exploits

trophies Collection of vulnerabilities I've discovered and original exploits Password Hash Disclosure nvdnistgov/vuln/detail/CVE-2018-9334 wwwsecurityfocuscom/bid/104677/info GlobalProtect User Stored Password Decryption githubcom/billchaison/ClobberProtect GlobalProtect client VPN tunnel crash Release 104000000, Security Fix, PuTTY Log Pa

CWE-269 http://www.securityfocus.com/bid/104677 http://www.securitytracker.com/id/1041243 https://security.paloaltonetworks.com/CVE-2018-9334 https://nvd.nist.gov https://github.com/billchaison/trophies https://security.paloaltonetworks.com/Home/Detail/124

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-9334

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect