The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of PAN-OS

vulnerability bulletin CVE-2016-5195

Linux kernel: privilege escalation via Copy On Write, Dirty COW

Synthesis of the vulnerability

A local attacker can generate a memory corruption via a Copy On Write on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: SNS, Cisco ATA, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Cisco Prime DCNM, Cisco CUCM, Debian, NetWorker, BIG-IP Hardware, TMOS, Fedora, Android OS, HP Operations, HP Switch, Junos Space, NSM Central Manager, NSMXpress, Linux, McAfee Email Gateway, openSUSE, openSUSE Leap, Oracle Communications, Palo Alto Firewall PA***, PAN-OS, HDX, RealPresence Resource Manager, Polycom VBP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data creation/edition.
Provenance: user shell.
Creation date: 20/10/2016.
Identifiers: 1384344, 494072, c05341463, CERTFR-2016-AVI-353, CERTFR-2016-AVI-356, CERTFR-2016-AVI-357, CERTFR-2016-AVI-370, CERTFR-2017-AVI-001, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cisco-sa-20161026-linux, cpujul2018, CVE-2016-5195, Dirty COW, DLA-670-1, DSA-3696-1, ESA-2016-170, FEDORA-2016-c3558808cd, FEDORA-2016-db4b75b352, HPESBGN03742, HPSBHF03682, JSA10770, JSA10774, K10558632, openSUSE-SU-2016:2583-1, openSUSE-SU-2016:2584-1, openSUSE-SU-2016:2625-1, openSUSE-SU-2016:2649-1, PAN-SA-2017-0003, PAN-SA-2017-0013, PAN-SA-2017-0014, PAN-SA-2017-0016, RHSA-2016:2098-01, RHSA-2016:2105-01, RHSA-2016:2106-01, RHSA-2016:2110-01, RHSA-2016:2118-01, RHSA-2016:2120-01, RHSA-2016:2124-01, RHSA-2016:2126-01, RHSA-2016:2127-01, RHSA-2016:2128-01, RHSA-2016:2132-01, RHSA-2016:2133-01, RHSA-2018:0180-01, SB10177, SB10178, SSA:2016-305-01, STORM-2016-006, SUSE-SU-2016:2585-1, SUSE-SU-2016:2592-1, SUSE-SU-2016:2593-1, SUSE-SU-2016:2596-1, SUSE-SU-2016:2614-1, SUSE-SU-2016:3069-1, SUSE-SU-2016:3304-1, USN-3104-1, USN-3104-2, USN-3105-1, USN-3105-2, USN-3106-1, USN-3106-2, USN-3106-3, USN-3106-4, USN-3107-1, USN-3107-2, VIGILANCE-VUL-20923, VU#243144.

Description of the vulnerability

The Linux kernel supports the Copy On Write operation, which is used to copy memory only when it is modified.

However, a local attacker can manipulate memory so that the COW operation writes to read-only memory.

A local attacker can therefore generate a memory corruption via a Copy On Write on the Linux kernel, in order to trigger a denial of service, and possibly to run code.

computer vulnerability bulletin 20918

PAN-OS: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of PAN-OS, in order to run JavaScript code in the context of the web site.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 19/10/2016.
Identifiers: PAN-SA-2016-0031, VIGILANCE-VUL-20918.

Description of the vulnerability

The PAN-OS product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of PAN-OS, in order to run JavaScript code in the context of the web site.

computer vulnerability announce 20917

PAN-OS: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of PAN-OS, in order to run JavaScript code in the context of the web site.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 1/4.
Consequences: client access/rights.
Provenance: privileged account.
Creation date: 19/10/2016.
Identifiers: PAN-SA-2016-0029, VIGILANCE-VUL-20917.

Description of the vulnerability

The PAN-OS product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of PAN-OS, in order to run JavaScript code in the context of the web site.

computer vulnerability alert 20846

PAN-OS: denial of service via Web Management Server

Synthesis of the vulnerability

An attacker can generate a fatal error via Web Management Server of PAN-OS, in order to trigger a denial of service.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 12/10/2016.
Identifiers: PAN-SA-2016-0027, VIGILANCE-VUL-20846.

Description of the vulnerability

An attacker can generate a fatal error via Web Management Server of PAN-OS, in order to trigger a denial of service.

vulnerability note 20774

PAN-OS: information disclosure via GlobalProtect Portal

Synthesis of the vulnerability

An attacker can use GlobalProtect Portal of PAN-OS, in order to obtain sensitive information.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 05/10/2016.
Identifiers: PAN-SA-2016-0026, VIGILANCE-VUL-20774.

Description of the vulnerability

The PAN-OS product offers a GlobalProtect Portal web service.

However, this service displays the version of PAN-OS.

An attacker can therefore use GlobalProtect Portal of PAN-OS, in order to obtain sensitive information.

vulnerability announce 20562

PAN-OS: denial of service via Web Management Interface

Synthesis of the vulnerability

An attacker can generate a fatal error via Web Management Interface of PAN-OS, in order to trigger a denial of service.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/09/2016.
Identifiers: PAN-SA-2016-0024, VIGILANCE-VUL-20562.

Description of the vulnerability

An attacker can generate a fatal error in the Web Management Interface of PAN-OS, in order to trigger a denial of service.

vulnerability alert CVE-2016-1712

PAN-OS: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PAN-OS.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, client access/rights, data reading, denial of service on server, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 5.
Creation date: 15/07/2016.
Identifiers: CVE-2016-1712, PAN-SA-2016-0012, PAN-SA-2016-0013, PAN-SA-2016-0014, PAN-SA-2016-0015, PAN-SA-2016-0016, VIGILANCE-VUL-20121.

Description of the vulnerability

Several vulnerabilities were announced in PAN-OS.

An attacker can bypass security features via root_reboot, in order to escalate his privileges. [severity:2/4; CVE-2016-1712, PAN-SA-2016-0012]

An attacker can trigger a fatal error via Captive Portal, in order to trigger a denial of service. [severity:2/4; PAN-SA-2016-0013]

An attacker can trigger a Cross Site Scripting via Policy, in order to run JavaScript code in the context of the web site. [severity:2/4; PAN-SA-2016-0014]

An attacker can bypass security features via cron, in order to escalate his privileges. [severity:2/4; PAN-SA-2016-0015]

An attacker can bypass security features via Web Interface, in order to escalate his privileges. [severity:2/4; PAN-SA-2016-0016]

computer vulnerability alert CVE-2016-5696

Linux kernel: injecting TCP packets via Challenge ACK

Synthesis of the vulnerability

An attacker can predict the sequence of a TCP session performed to a Linux server, in order to inject a TCP packet, which can interact with the session if it is not encrypted.
Impacted products: Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, Android OS, NSM Central Manager, NSMXpress, Linux, McAfee Web Gateway, openSUSE, openSUSE Leap, PAN-OS, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: data creation/edition, data flow.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/07/2016.
Identifiers: CERTFR-2016-AVI-287, CERTFR-2016-AVI-289, CERTFR-2017-AVI-001, CERTFR-2017-AVI-044, CERTFR-2017-AVI-053, CERTFR-2017-AVI-131, CVE-2016-5389-REJECT, CVE-2016-5696, DLA-609-1, DSA-3659-1, FEDORA-2016-784d5526d8, FEDORA-2016-9a16b2e14e, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, JSA10853, openSUSE-SU-2016:2290-1, openSUSE-SU-2016:2625-1, openSUSE-SU-2016:3021-1, PAN-SA-2017-0015, RHSA-2016:1631-01, RHSA-2016:1632-01, RHSA-2016:1633-01, RHSA-2016:1657-01, RHSA-2016:1664-01, RHSA-2016:1814-01, RHSA-2016:1815-01, RHSA-2016:1939-01, SA131, SB10167, SOL46514822, SSA:2016-236-03, SSA:2016-242-01, SUSE-SU-2016:2245-1, SUSE-SU-2016:2912-1, SUSE-SU-2016:2976-1, SUSE-SU-2016:3069-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0437-1, SUSE-SU-2017:0471-1, SUSE-SU-2017:1102-1, USN-3070-1, USN-3070-2, USN-3070-3, USN-3070-4, USN-3071-1, USN-3071-2, USN-3072-1, USN-3072-2, VIGILANCE-VUL-20066.

Description of the vulnerability

The Linux kernel implements RFC 5961 (Improving TCP's Robustness to Blind In-Window Attacks).

However, this implementation provides information which can be used to inject a TCP packet into an active session, but without receiving the TCP reply.

To do so, the attacker has to know:
 - the IP address and the TCP port number of the server
 - the IP address of a client with an active session

An attacker can therefore predict the sequence of a TCP session performed to a Linux server, in order to inject a TCP packet, which can interact with the session if it is not encrypted.

computer vulnerability alert CVE-2016-2219

PAN-OS: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of PAN-OS, in order to run JavaScript code in the context of the web site.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: intranet client.
Creation date: 28/06/2016.
Identifiers: CVE-2016-2219, PAN-SA-2016-0009, VIGILANCE-VUL-19986.

Description of the vulnerability

The PAN-OS product offers a web service.

However, the data echo does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of PAN-OS, in order to run JavaScript code in the context of the web site.

computer vulnerability 19985

Palo Alto Networks firewalls: denial of service via API

Synthesis of the vulnerability

An unauthenticated attacker can make the API fail for a key authentication in Palo Alto Networks firewalls, in order to trigger a denial of service.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 28/06/2016.
Identifiers: PAN-SA-2016-0008, VIGILANCE-VUL-19985.

Description of the vulnerability

Palo Alto Networks firewalls include an API for product configuration.

However, an error in the integration of key authentication in the API makes it possible to generate a fatal error via the API.

An unauthenticated attacker can therefore make the API fail for a key authentication in Palo Alto Networks firewalls, in order to trigger a denial of service.