The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Palo Alto Firewall PA-***

vulnerability announcement CVE-2017-15944

PAN-OS: code execution via Management Interface

Synthesis of the vulnerability

An attacker can exploit a vulnerability via the Management Interface of PAN-OS, in order to run code.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 07/12/2017.
Revision date: 08/01/2018.
Identifiers: CVE-2017-15944, PAN-SA-2017-0027, VIGILANCE-VUL-24692.

Description of the vulnerability

An attacker can exploit a vulnerability via the Management Interface of PAN-OS, in order to run code.

computer vulnerability CVE-2017-16878

PAN-OS Captive Portal: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in the PAN-OS Captive Portal, in order to run JavaScript code in the context of the web site.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 03/01/2018.
Identifiers: CVE-2017-16878, PAN-SA-2017-0031, VIGILANCE-VUL-24935.

Description of the vulnerability

The PAN-OS Captive Portal product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in the PAN-OS Captive Portal, in order to run JavaScript code in the context of the web site.

vulnerability note CVE-2017-15941

PAN-OS GlobalProtect: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in PAN-OS GlobalProtect, in order to run JavaScript code in the context of the web site.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 03/01/2018.
Identifiers: CVE-2017-15941, PAN-SA-2017-0030, VIGILANCE-VUL-24934.

Description of the vulnerability

The PAN-OS GlobalProtect product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in PAN-OS GlobalProtect, in order to run JavaScript code in the context of the web site.

computer vulnerability note 24749

TLS: information disclosure via ROBOT Attack

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via the ROBOT Attack on TLS, in order to obtain sensitive information.
Impacted products: Bouncy Castle JCE, Cisco ACE, BIG-IP Hardware, TMOS, Mule ESB, Java OpenJDK, Java Oracle, Palo Alto Firewall PA***, PAN-OS, RabbitMQ, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 13/12/2017.
Identifiers: CERTFR-2017-ALE-020, cisco-sa-20171212-bleichenbacher, CSCvg74693, CTX230238, K21905460, PAN-SA-2017-0032, ROBOT Attack, VIGILANCE-VUL-24749, VU#144389.

Description of the vulnerability

An attacker can bypass access restrictions to data via the ROBOT Attack on TLS, in order to obtain sensitive information.

vulnerability bulletin CVE-2017-15940

PAN-OS: code execution via Packet Capture Management

Synthesis of the vulnerability

An attacker can exploit a vulnerability via Packet Capture Management of PAN-OS, in order to run code.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 07/12/2017.
Identifiers: CVE-2017-15940, PAN-SA-2017-0028, VIGILANCE-VUL-24693.

Description of the vulnerability

An attacker can exploit a vulnerability via Packet Capture Management of PAN-OS, in order to run code.

vulnerability alert CVE-2017-15943

PAN-OS: external XML entity injection

Synthesis of the vulnerability

An attacker can transmit malicious XML data to PAN-OS, in order to read a file, scan sites, or trigger a denial of service.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 07/12/2017.
Identifiers: CVE-2017-15943, PAN-SA-2017-0026, VIGILANCE-VUL-24691.

Description of the vulnerability

XML data can declare external entities in its DTD:
  <!ENTITY name SYSTEM "file">
  <!ENTITY name SYSTEM "http://server/file">
A program that reads this XML data can replace these entities with data coming from the indicated file. When the program uses XML data coming from an untrusted source, this behavior leads to:
 - disclosure of the content of files on the server
 - scanning of private web sites
 - a denial of service by opening a blocking file
This feature must be disabled to process XML data coming from an untrusted source.

However, the PAN-OS parser allows external entities.

An attacker can therefore transmit malicious XML data to PAN-OS, in order to read a file, scan sites, or trigger a denial of service.

vulnerability CVE-2017-15942

PAN-OS: denial of service via Management Interface

Synthesis of the vulnerability

An attacker can generate a fatal error via the Management Interface of PAN-OS, in order to trigger a denial of service.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 07/12/2017.
Identifiers: CVE-2017-15942, PAN-SA-2017-0025, VIGILANCE-VUL-24690.

Description of the vulnerability

An attacker can generate a fatal error via the Management Interface of PAN-OS, in order to trigger a denial of service.

vulnerability bulletin 24673

Palo Alto GlobalProtect Agent: privilege escalation via Image Path

Synthesis of the vulnerability

An attacker can bypass restrictions via the Image Path of Palo Alto GlobalProtect Agent, in order to escalate their privileges.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged shell.
Creation date: 06/12/2017.
Identifiers: PAN-SA-2017-0029, VIGILANCE-VUL-24673.

Description of the vulnerability

An attacker can bypass restrictions via the Image Path of Palo Alto GlobalProtect Agent, in order to escalate their privileges.

vulnerability announcement CVE-2017-9458

PAN-OS: external XML entity injection via GlobalProtect

Synthesis of the vulnerability

An attacker can transmit malicious XML data via GlobalProtect to PAN-OS, in order to read a file, scan sites, or trigger a denial of service.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 31/08/2017.
Identifiers: CVE-2017-9458, PAN-SA-2017-0024, VIGILANCE-VUL-23682.

Description of the vulnerability

XML data can declare external entities in its DTD:
  <!ENTITY name SYSTEM "file">
  <!ENTITY name SYSTEM "http://server/file">
A program that reads this XML data can replace these entities with data coming from the indicated file. When the program uses XML data coming from an untrusted source, this behavior leads to:
 - disclosure of the content of files on the server
 - scanning of private web sites
 - a denial of service by opening a blocking file
This feature must be disabled to process XML data coming from an untrusted source.

However, the PAN-OS parser allows external entities.

An attacker can therefore transmit malicious XML data via GlobalProtect to PAN-OS, in order to read a file, scan sites, or trigger a denial of service.

vulnerability alert CVE-2017-12416

PAN-OS: Cross Site Scripting via GlobalProtect

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via GlobalProtect of PAN-OS, in order to run JavaScript code in the context of the web site.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 31/08/2017.
Identifiers: CVE-2017-12416, PAN-SA-2017-0023, VIGILANCE-VUL-23681.

Description of the vulnerability

The PAN-OS product offers a web service.

However, it does not filter data received via GlobalProtect before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via GlobalProtect of PAN-OS, in order to run JavaScript code in the context of the web site.