Wildfire Wf 500 And Wf 500 B
Monthly
Authenticated file read and delete in Palo Alto Networks WildFire WF-500 and WF-500-B on-premise sandboxing appliances exposes sensitive system information and permits arbitrary file deletion by low-privileged network users. The root cause is CWE-73 (External Control of File Name or Path), where user-supplied input is insufficiently validated before being used to construct file system paths. Exploitation is constrained to appliances running in the default non-FIPS configuration mode; organizations relying solely on the WildFire Public cloud service are not impacted. No public exploit has been identified at time of analysis, consistent with EPSS at 0.05% (16th percentile) and SSVC exploitation status of 'none'.
Authenticated file read and delete in Palo Alto Networks WildFire WF-500 and WF-500-B on-premise sandboxing appliances exposes sensitive system information and permits arbitrary file deletion by low-privileged network users. The root cause is CWE-73 (External Control of File Name or Path), where user-supplied input is insufficiently validated before being used to construct file system paths. Exploitation is constrained to appliances running in the default non-FIPS configuration mode; organizations relying solely on the WildFire Public cloud service are not impacted. No public exploit has been identified at time of analysis, consistent with EPSS at 0.05% (16th percentile) and SSVC exploitation status of 'none'.