This security bulletin contains one low risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a local user to decrypt credentials.
The vulnerability exists due to software does not use the sufficient level of computational effort when creating password hashes for local user account. A local privileged user can crack passwords.
The vulnerability affects only to PAN-OS firewalls and Panorama appliances running in normal (non-FIPS-CC) operational mode.Mitigation
Install updates from vendor's website.Vulnerable software versions
Palo Alto PAN-OS: 10.0.0 - 10.0.6, 9.0 - 9.0.16, 9.1 - 9.1.10, 8.1 - 8.1.20-h1
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?