| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of PAN-OS
Linux kernel: privilege escalation via Copy On Write, Dirty COW
Synthesis of the vulnerability
A local attacker can generate a memory corruption via a Copy On Write on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: SNS, Cisco ATA, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Cisco Prime DCNM, Cisco CUCM, Debian, NetWorker, BIG-IP Hardware, TMOS, Fedora, Android OS, HP Operations, HP Switch, Junos Space, NSM Central Manager, NSMXpress, Linux, McAfee Email Gateway, openSUSE, openSUSE Leap, Oracle Communications, Palo Alto Firewall PA***, PAN-OS, HDX, RealPresence Resource Manager, Polycom VBP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data creation/edition.
Provenance: user shell.
Creation date: 20/10/2016.
Identifiers: 1384344, 494072, c05341463, CERTFR-2016-AVI-353, CERTFR-2016-AVI-356, CERTFR-2016-AVI-357, CERTFR-2016-AVI-370, CERTFR-2017-AVI-001, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cisco-sa-20161026-linux, cpujul2018, CVE-2016-5195, Dirty COW, DLA-670-1, DSA-3696-1, ESA-2016-170, FEDORA-2016-c3558808cd, FEDORA-2016-db4b75b352, HPESBGN03742, HPSBHF03682, JSA10770, JSA10774, K10558632, openSUSE-SU-2016:2583-1, openSUSE-SU-2016:2584-1, openSUSE-SU-2016:2625-1, openSUSE-SU-2016:2649-1, PAN-SA-2017-0003, PAN-SA-2017-0013, PAN-SA-2017-0014, PAN-SA-2017-0016, RHSA-2016:2098-01, RHSA-2016:2105-01, RHSA-2016:2106-01, RHSA-2016:2110-01, RHSA-2016:2118-01, RHSA-2016:2120-01, RHSA-2016:2124-01, RHSA-2016:2126-01, RHSA-2016:2127-01, RHSA-2016:2128-01, RHSA-2016:2132-01, RHSA-2016:2133-01, RHSA-2018:0180-01, SB10177, SB10178, SSA:2016-305-01, STORM-2016-006, SUSE-SU-2016:2585-1, SUSE-SU-2016:2592-1, SUSE-SU-2016:2593-1, SUSE-SU-2016:2596-1, SUSE-SU-2016:2614-1, SUSE-SU-2016:3069-1, SUSE-SU-2016:3304-1, USN-3104-1, USN-3104-2, USN-3105-1, USN-3105-2, USN-3106-1, USN-3106-2, USN-3106-3, USN-3106-4, USN-3107-1, USN-3107-2, VIGILANCE-VUL-20923, VU#243144.
Description of the vulnerability
The Linux kernel supports the Copy On Write operation, which is used to copy memory only when it is modified.
However, a local attacker can manipulate the memory, so the COW operation writes in Read Only memory.
A local attacker can therefore generate a memory corruption via a Copy On Write on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
PAN-OS: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of PAN-OS, in order to run JavaScript code in the context of the web site.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 19/10/2016.
Identifiers: PAN-SA-2016-0031, VIGILANCE-VUL-20918.
Description of the vulnerability
The PAN-OS product offers a web service.
However, it does not filter received data before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting of PAN-OS, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
PAN-OS: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of PAN-OS, in order to run JavaScript code in the context of the web site.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 1/4.
Consequences: client access/rights.
Provenance: privileged account.
Creation date: 19/10/2016.
Identifiers: PAN-SA-2016-0029, VIGILANCE-VUL-20917.
Description of the vulnerability
The PAN-OS product offers a web service.
However, it does not filter received data before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting of PAN-OS, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
PAN-OS: denial of service via Web Management Server
Synthesis of the vulnerability
An attacker can generate a fatal error via Web Management Server of PAN-OS, in order to trigger a denial of service.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 12/10/2016.
Identifiers: PAN-SA-2016-0027, VIGILANCE-VUL-20846.
Description of the vulnerability
An attacker can generate a fatal error via Web Management Server of PAN-OS, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
PAN-OS: information disclosure via GlobalProtect Portal
Synthesis of the vulnerability
An attacker can use GlobalProtect Portal of PAN-OS, in order to obtain sensitive information.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 05/10/2016.
Identifiers: PAN-SA-2016-0026, VIGILANCE-VUL-20774.
Description of the vulnerability
The PAN-OS product offers a GlobalProtect Portal web service.
However, this service displays the version of PAN-OS.
An attacker can therefore use GlobalProtect Portal of PAN-OS, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
PAN-OS: denial of service via Web Management Interface
Synthesis of the vulnerability
An attacker can generate a fatal error via Web Management Interface of PAN-OS, in order to trigger a denial of service.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/09/2016.
Identifiers: PAN-SA-2016-0024, VIGILANCE-VUL-20562.
Description of the vulnerability
An attacker can generate a fatal error in the Web Management Interface of PAN-OS, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
PAN-OS: five vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of PAN-OS.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, client access/rights, data reading, denial of service on server, denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 5.
Creation date: 15/07/2016.
Identifiers: CVE-2016-1712, PAN-SA-2016-0012, PAN-SA-2016-0013, PAN-SA-2016-0014, PAN-SA-2016-0015, PAN-SA-2016-0016, VIGILANCE-VUL-20121.
Description of the vulnerability
Several vulnerabilities were announced in PAN-OS.
An attacker can bypass security features via root_reboot, in order to escalate his privileges. [severity:2/4; CVE-2016-1712, PAN-SA-2016-0012]
An attacker can trigger a fatal error via Captive Portal, in order to trigger a denial of service. [severity:2/4; PAN-SA-2016-0013]
An attacker can trigger a Cross Site Scripting via Policy, in order to run JavaScript code in the context of the web site. [severity:2/4; PAN-SA-2016-0014]
An attacker can bypass security features via cron, in order to escalate his privileges. [severity:2/4; PAN-SA-2016-0015]
An attacker can bypass security features via Web Interface, in order to escalate his privileges. [severity:2/4; PAN-SA-2016-0016]
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: injecting TCP packets via Challenge ACK
Synthesis of the vulnerability
An attacker can predict the sequence of a TCP session performed to a Linux server, in order to inject a TCP packet, which can interact with the session if it is not encrypted.
Impacted products: Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, Android OS, NSM Central Manager, NSMXpress, Linux, McAfee Web Gateway, openSUSE, openSUSE Leap, PAN-OS, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: data creation/edition, data flow.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/07/2016.
Identifiers: CERTFR-2016-AVI-287, CERTFR-2016-AVI-289, CERTFR-2017-AVI-001, CERTFR-2017-AVI-044, CERTFR-2017-AVI-053, CERTFR-2017-AVI-131, CVE-2016-5389-REJECT, CVE-2016-5696, DLA-609-1, DSA-3659-1, FEDORA-2016-784d5526d8, FEDORA-2016-9a16b2e14e, FG-IR-16-047, FG-IR-16-048, FG-IR-17-127, JSA10853, openSUSE-SU-2016:2290-1, openSUSE-SU-2016:2625-1, openSUSE-SU-2016:3021-1, PAN-SA-2017-0015, RHSA-2016:1631-01, RHSA-2016:1632-01, RHSA-2016:1633-01, RHSA-2016:1657-01, RHSA-2016:1664-01, RHSA-2016:1814-01, RHSA-2016:1815-01, RHSA-2016:1939-01, SA131, SB10167, SOL46514822, SSA:2016-236-03, SSA:2016-242-01, SUSE-SU-2016:2245-1, SUSE-SU-2016:2912-1, SUSE-SU-2016:2976-1, SUSE-SU-2016:3069-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0437-1, SUSE-SU-2017:0471-1, SUSE-SU-2017:1102-1, USN-3070-1, USN-3070-2, USN-3070-3, USN-3070-4, USN-3071-1, USN-3071-2, USN-3072-1, USN-3072-2, VIGILANCE-VUL-20066.
Description of the vulnerability
The Linux kernel implements the RFC 5961 (Improving TCP's Robustness to Blind In-Window Attacks).
However, this implementation provides information which can be used to inject a TCP packet in an active session, but without receiving the TCP reply.
In order to do so, the attacker has to know,
- the IP address and the TCP port number of the server
- the IP address of a client with an active session
An attacker can therefore predict the sequence of a TCP session performed to a Linux server, in order to inject a TCP packet, which can interact with the session if it is not encrypted.
Full Vigil@nce bulletin... (Free trial) |
PAN-OS: Cross Site Scripting
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting of PAN-OS, in order to run JavaScript code in the context of the web site.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: intranet client.
Creation date: 28/06/2016.
Identifiers: CVE-2016-2219, PAN-SA-2016-0009, VIGILANCE-VUL-19986.
Description of the vulnerability
The PAN-OS product offers a web service.
However, the data echo does not filter received data before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting of PAN-OS, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial) |
Palo Alto Networks firewalls: denial of service via API
Synthesis of the vulnerability
An unauthenticated attacker can make the API fail for a key authentication in Palo Alto Networks firewalls, in order to trigger a denial of service.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 28/06/2016.
Identifiers: PAN-SA-2016-0008, VIGILANCE-VUL-19985.
Description of the vulnerability
The Palo Alto Networks firewalls product includes an API for product configuration.
However, an error of key authentication integration in API enable to generates a fatal error via API.
An unauthenticated attacker can therefore make the API fail for a key authentication in Palo Alto Networks firewalls, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about PAN-OS:
|