The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of PAN-OS

computer vulnerability announce CVE-2016-6210 CVE-2016-9149 CVE-2016-9150

PAN-OS: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PAN-OS.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 18/11/2016.
Identifiers: 908, 912, 913, CVE-2016-6210, CVE-2016-9149, CVE-2016-9150, CVE-2016-9151, PAN-SA-2016-0034, PAN-SA-2016-0035, PAN-SA-2016-0036, PAN-SA-2016-0037, VIGILANCE-VUL-21157.

Description of the vulnerability

Several vulnerabilities were announced in PAN-OS.

An attacker can bypass security features via Environment Variables, in order to escalate his privileges. [severity:2/4; 912, 913, CVE-2016-9151, PAN-SA-2016-0034]

An attacker can generate a buffer overflow via Web Management Server, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 908, CVE-2016-9150, PAN-SA-2016-0035]

An attacker can use a long password on OpenSSH, in order to detect if a login name is valid (VIGILANCE-VUL-20133). [severity:1/4; CVE-2016-6210, PAN-SA-2016-0036]

An attacker can bypass security features via XPath, in order to escalate his privileges. [severity:2/4; CVE-2016-9149, PAN-SA-2016-0037]

computer vulnerability bulletin 21138

ICMP: denial of service via ICMP Type 3 Code 3, BlackNurse

Synthesis of the vulnerability

An attacker can send numerous ICMP Type 3 Code 3 packets to some routers/firewalls, in order to trigger a denial of service.
Impacted products: ASA, IOS by Cisco, Cisco Router, FortiGate, FortiGate Virtual Appliance, FortiOS, Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 16/11/2016.
Identifiers: Black Nurse, sk114500, VIGILANCE-VUL-21138.

Description of the vulnerability

The ICMP protocol uses packets of Type 3 Code 3 to announce that a port is unreachable. This packet is usually sent as a reply to the sender of a packet sent to a closed TCP/UDP port.

However, when numerous ICMP Type 3 Code 3 packets are received, some devices needlessly consume many resources processing them.

An attacker can therefore send numerous ICMP Type 3 Code 3 packets to some routers/firewalls, in order to trigger a denial of service.

computer vulnerability announce 21007

PAN-OS: Cross Site Scripting via Captive Portal

Synthesis of the vulnerability

An attacker can trigger Cross Site Scripting via the Captive Portal of PAN-OS, in order to run JavaScript code in the context of the web site.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 02/11/2016.
Identifiers: PAN-SA-2016-0033, VIGILANCE-VUL-21007.

Description of the vulnerability

The PAN-OS product offers a web service.

However, it does not filter data received via the Captive Portal before inserting it into generated HTML documents.

An attacker can therefore trigger Cross Site Scripting via the Captive Portal of PAN-OS, in order to run JavaScript code in the context of the web site.

computer vulnerability alert 21006

PAN-OS: privilege escalation via REST API Tokens

Synthesis of the vulnerability

An attacker can bypass restrictions via REST API Tokens of PAN-OS, in order to escalate his privileges.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: document.
Creation date: 02/11/2016.
Identifiers: PAN-SA-2016-0032, VIGILANCE-VUL-21006.

Description of the vulnerability

An attacker can bypass restrictions via REST API Tokens of PAN-OS, in order to escalate his privileges.

vulnerability alert CVE-2016-8610

OpenSSL: denial of service via SSL3_AL_WARNING

Synthesis of the vulnerability

An attacker can send SSL3_AL_WARNING packets to an SSLv3 application linked to OpenSSL, in order to trigger a denial of service.
Impacted products: OpenOffice, Debian, Fedora, FreeBSD, FreeRADIUS, hMailServer, HP Switch, AIX, IRAD, Security Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, Juniper ISG, Juniper J-Series, Junos OS, SSG, SRX-Series, Meinberg NTP Server, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE Leap, Oracle DB, Oracle Fusion Middleware, Oracle Identity Management, Solaris, WebLogic, Palo Alto Firewall PA***, PAN-OS, pfSense, Pulse Connect Secure, RHEL, JBoss EAP by Red Hat, Shibboleth SP, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 24/10/2016.
Identifiers: 1996096, 2000095, 2003480, 2003620, 2003673, 2004940, 2009389, bulletinoct2016, cpujul2019, CVE-2016-8610, DLA-814-1, DSA-3773-1, FEDORA-2017-3451dbec48, FEDORA-2017-e853b4144f, FreeBSD-SA-16:35.openssl, HPESBHF03897, JSA10808, JSA10809, JSA10810, JSA10811, JSA10813, JSA10814, JSA10816, JSA10817, JSA10818, JSA10820, JSA10821, JSA10822, JSA10825, openSUSE-SU-2017:0386-1, openSUSE-SU-2017:0487-1, openSUSE-SU-2018:4104-1, PAN-SA-2017-0017, pfSense-SA-17_03.webgui, RHSA-2017:0286-01, RHSA-2017:0574-01, RHSA-2017:1548-01, RHSA-2017:1549-01, RHSA-2017:1550-01, RHSA-2017:1551-01, RHSA-2017:1552-01, RHSA-2017:1658-01, RHSA-2017:1659-01, RHSA-2017:2493-01, RHSA-2017:2494-01, SA40886, SP-CAAAPUE, SPL-129207, SUSE-SU-2017:0304-1, SUSE-SU-2017:0348-1, SUSE-SU-2018:0112-1, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2018:3964-1, SUSE-SU-2018:3994-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:1553-1, USN-3181-1, USN-3183-1, USN-3183-2, VIGILANCE-VUL-20941.

Description of the vulnerability

The OpenSSL product implements the SSL version 3 protocol.

The SSL3_AL_WARNING message is used to send an alert of level Warning. However, when these packets are received during the handshake, the library consumes 100% of CPU.

An attacker can therefore send SSL3_AL_WARNING packets to an SSLv3 application linked to OpenSSL, in order to trigger a denial of service.

vulnerability bulletin CVE-2016-5195

Linux kernel: privilege escalation via Copy On Write, Dirty COW

Synthesis of the vulnerability

A local attacker can generate a memory corruption via a Copy On Write on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: SNS, Cisco ATA, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Cisco Prime DCNM, Cisco CUCM, Debian, NetWorker, BIG-IP Hardware, TMOS, Fedora, Android OS, HP Operations, HP Switch, Junos Space, NSM Central Manager, NSMXpress, Linux, McAfee Email Gateway, openSUSE, openSUSE Leap, Oracle Communications, Palo Alto Firewall PA***, PAN-OS, HDX, RealPresence Resource Manager, Polycom VBP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data creation/edition.
Provenance: user shell.
Creation date: 20/10/2016.
Identifiers: 1384344, 494072, c05341463, CERTFR-2016-AVI-353, CERTFR-2016-AVI-356, CERTFR-2016-AVI-357, CERTFR-2016-AVI-370, CERTFR-2017-AVI-001, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cisco-sa-20161026-linux, cpujul2018, CVE-2016-5195, Dirty COW, DLA-670-1, DSA-3696-1, ESA-2016-170, FEDORA-2016-c3558808cd, FEDORA-2016-db4b75b352, HPESBGN03742, HPSBHF03682, JSA10770, JSA10774, K10558632, openSUSE-SU-2016:2583-1, openSUSE-SU-2016:2584-1, openSUSE-SU-2016:2625-1, openSUSE-SU-2016:2649-1, PAN-SA-2017-0003, PAN-SA-2017-0013, PAN-SA-2017-0014, PAN-SA-2017-0016, RHSA-2016:2098-01, RHSA-2016:2105-01, RHSA-2016:2106-01, RHSA-2016:2110-01, RHSA-2016:2118-01, RHSA-2016:2120-01, RHSA-2016:2124-01, RHSA-2016:2126-01, RHSA-2016:2127-01, RHSA-2016:2128-01, RHSA-2016:2132-01, RHSA-2016:2133-01, RHSA-2018:0180-01, SB10177, SB10178, SSA:2016-305-01, STORM-2016-006, SUSE-SU-2016:2585-1, SUSE-SU-2016:2592-1, SUSE-SU-2016:2593-1, SUSE-SU-2016:2596-1, SUSE-SU-2016:2614-1, SUSE-SU-2016:3069-1, SUSE-SU-2016:3304-1, USN-3104-1, USN-3104-2, USN-3105-1, USN-3105-2, USN-3106-1, USN-3106-2, USN-3106-3, USN-3106-4, USN-3107-1, USN-3107-2, VIGILANCE-VUL-20923, VU#243144.

Description of the vulnerability

The Linux kernel supports the Copy On Write operation, which is used to copy memory only when it is modified.

However, a local attacker can manipulate memory so that the COW operation writes to read-only memory.

A local attacker can therefore generate a memory corruption via a Copy On Write on the Linux kernel, in order to trigger a denial of service, and possibly to run code.

computer vulnerability bulletin 20918

PAN-OS: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger Cross Site Scripting in PAN-OS, in order to run JavaScript code in the context of the web site.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 19/10/2016.
Identifiers: PAN-SA-2016-0031, VIGILANCE-VUL-20918.

Description of the vulnerability

The PAN-OS product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger Cross Site Scripting in PAN-OS, in order to run JavaScript code in the context of the web site.

computer vulnerability announce 20917

PAN-OS: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger Cross Site Scripting in PAN-OS, in order to run JavaScript code in the context of the web site.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 1/4.
Consequences: client access/rights.
Provenance: privileged account.
Creation date: 19/10/2016.
Identifiers: PAN-SA-2016-0029, VIGILANCE-VUL-20917.

Description of the vulnerability

The PAN-OS product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger Cross Site Scripting in PAN-OS, in order to run JavaScript code in the context of the web site.

computer vulnerability alert 20846

PAN-OS: denial of service via Web Management Server

Synthesis of the vulnerability

An attacker can generate a fatal error via Web Management Server of PAN-OS, in order to trigger a denial of service.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 12/10/2016.
Identifiers: PAN-SA-2016-0027, VIGILANCE-VUL-20846.

Description of the vulnerability

An attacker can generate a fatal error via Web Management Server of PAN-OS, in order to trigger a denial of service.

vulnerability note 20774

PAN-OS: information disclosure via GlobalProtect Portal

Synthesis of the vulnerability

An attacker can use GlobalProtect Portal of PAN-OS, in order to obtain sensitive information.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 05/10/2016.
Identifiers: PAN-SA-2016-0026, VIGILANCE-VUL-20774.

Description of the vulnerability

The PAN-OS product offers a GlobalProtect Portal web service.

However, this service displays the version of PAN-OS.

An attacker can therefore use GlobalProtect Portal of PAN-OS, in order to obtain sensitive information.