The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Palo Alto Firewall PA-***

vulnerability note CVE-2018-0737

OpenSSL: information disclosure via RSA Constant Time Key Generation

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via RSA Constant Time Key Generation of OpenSSL, in order to obtain sensitive information.
Impacted products: Debian, Fedora, AIX, BladeCenter, IBM i, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Nodejs Core, OpenBSD, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Solaris, Tuxedo, Oracle Virtual Directory, VirtualBox, WebLogic, Palo Alto Firewall PA***, PAN-OS, Percona Server, XtraBackup, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, X2GoClient.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 17/04/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-511, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-0737, DLA-1449-1, DSA-4348-1, DSA-4355-1, FEDORA-2019-00c25b9379, ibm10729805, ibm10743283, ibm10880781, JSA10919, openSUSE-SU-2018:2695-1, openSUSE-SU-2018:2957-1, openSUSE-SU-2018:3015-1, openSUSE-SU-2019:0152-1, openSUSE-SU-2019:1432-1, PAN-SA-2018-0015, RHSA-2018:3221-01, SSA:2018-226-01, SUSE-SU-2018:2486-1, SUSE-SU-2018:2492-1, SUSE-SU-2018:2683-1, SUSE-SU-2018:2928-1, SUSE-SU-2018:2965-1, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2019:0197-1, SUSE-SU-2019:0512-1, SUSE-SU-2019:1553-1, TNS-2018-14, TNS-2018-17, TSB17568, USN-3628-1, USN-3628-2, USN-3692-1, USN-3692-2, VIGILANCE-VUL-25884.

Description of the vulnerability

An attacker can bypass access restrictions to data via RSA Constant Time Key Generation of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-0739

OpenSSL: denial of service via Recursive ASN.1

Synthesis of the vulnerability

An attacker can generate a fatal error via Recursive ASN.1 of OpenSSL, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, Debian, Avamar, BIG-IP Hardware, TMOS, Fedora, AIX, IBM i, Rational ClearCase, QRadar SIEM, Tivoli Storage Manager, WebSphere MQ, MariaDB ~ precise, McAfee Email Gateway, MySQL Community, MySQL Enterprise, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, Palo Alto Firewall PA***, PAN-OS, Percona Server, RHEL, stunnel, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Ubuntu, X2GoClient.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 27/03/2018.
Identifiers: 2015887, 524146, bulletinjan2019, CERTFR-2018-AVI-155, cpuapr2019, cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2018-0739, DLA-1330-1, DSA-2018-125, DSA-4157-1, DSA-4158-1, FEDORA-2018-1b4f1158e2, FEDORA-2018-40dc8b8b16, FEDORA-2018-76afaf1961, FEDORA-2018-9490b422e7, ibm10715641, ibm10717211, ibm10717405, ibm10717409, ibm10719319, ibm10733605, ibm10738249, ibm10874728, K08044291, N1022561, openSUSE-SU-2018:0936-1, openSUSE-SU-2018:1057-1, openSUSE-SU-2018:2208-1, openSUSE-SU-2018:2238-1, openSUSE-SU-2018:2524-1, openSUSE-SU-2018:2695-1, PAN-SA-2018-0015, RHSA-2018:3090-01, RHSA-2018:3221-01, SA166, SB10243, SSA-181018, SUSE-SU-2018:0902-1, SUSE-SU-2018:0905-1, SUSE-SU-2018:0906-1, SUSE-SU-2018:0975-1, SUSE-SU-2018:2072-1, SUSE-SU-2018:2158-1, SUSE-SU-2018:2683-1, Synology-SA-18:51, USN-3611-1, USN-3611-2, VIGILANCE-VUL-25666.

Description of the vulnerability

An attacker can generate a fatal error via Recursive ASN.1 of OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-15944

PAN-OS: code execution via Management Interface

Synthesis of the vulnerability

An attacker can use a vulnerability via Management Interface of PAN-OS, in order to run code.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 07/12/2017.
Revision date: 08/01/2018.
Identifiers: CVE-2017-15944, PAN-SA-2017-0027, VIGILANCE-VUL-24692.

Description of the vulnerability

An attacker can use a vulnerability via Management Interface of PAN-OS, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-16878

PAN-OS Captive Portal: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of PAN-OS Captive Portal, in order to run JavaScript code in the context of the web site.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 03/01/2018.
Identifiers: CVE-2017-16878, PAN-SA-2017-0031, VIGILANCE-VUL-24935.

Description of the vulnerability

The PAN-OS Captive Portal product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of PAN-OS Captive Portal, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-15941

PAN-OS GlobalProtect: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of PAN-OS GlobalProtect, in order to run JavaScript code in the context of the web site.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 03/01/2018.
Identifiers: CVE-2017-15941, PAN-SA-2017-0030, VIGILANCE-VUL-24934.

Description of the vulnerability

The PAN-OS GlobalProtect product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of PAN-OS GlobalProtect, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note 24749

TLS: information disclosure via ROBOT Attack

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ROBOT Attack of TLS, in order to obtain sensitive information.
Impacted products: Bouncy Castle JCE, Cisco ACE, BIG-IP Hardware, TMOS, Mule ESB, Java OpenJDK, Java Oracle, Palo Alto Firewall PA***, PAN-OS, RabbitMQ, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 13/12/2017.
Identifiers: CERTFR-2017-ALE-020, cisco-sa-20171212-bleichenbacher, CSCvg74693, CTX230238, K21905460, PAN-SA-2017-0032, ROBOT Attack, VIGILANCE-VUL-24749, VU#144389.

Description of the vulnerability

An attacker can bypass access restrictions to data via ROBOT Attack of TLS, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-15940

PAN-OS: code execution via Packet Capture Management

Synthesis of the vulnerability

An attacker can use a vulnerability via Packet Capture Management of PAN-OS, in order to run code.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user account.
Creation date: 07/12/2017.
Identifiers: CVE-2017-15940, PAN-SA-2017-0028, VIGILANCE-VUL-24693.

Description of the vulnerability

An attacker can use a vulnerability via Packet Capture Management of PAN-OS, in order to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-15943

PAN-OS: external XML entity injection

Synthesis of the vulnerability

An attacker can transmit malicious XML data to PAN-OS, in order to read a file, scan sites, or trigger a denial of service.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 07/12/2017.
Identifiers: CVE-2017-15943, PAN-SA-2017-0026, VIGILANCE-VUL-24691.

Description of the vulnerability

XML data can contain external entities (DTD):
  <!ENTITY name SYSTEM "file">
  <!ENTITY name SYSTEM "http://server/file">
A program which reads these XML data can replace these entities by data coming from the indicated file. When the program uses XML data coming from an untrusted source, this behavior leads to:
 - content disclosure from files of the server
 - private web site scan
 - a denial of service by opening a blocking file
This feature must be disabled to process XML data coming from an untrusted source.

However, the PAN-OS parser allows external entities.

An attacker can therefore transmit malicious XML data to PAN-OS, in order to read a file, scan sites, or trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-15942

PAN-OS: denial of service via Management Interface

Synthesis of the vulnerability

An attacker can generate a fatal error via Management Interface of PAN-OS, in order to trigger a denial of service.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 07/12/2017.
Identifiers: CVE-2017-15942, PAN-SA-2017-0025, VIGILANCE-VUL-24690.

Description of the vulnerability

An attacker can generate a fatal error via Management Interface of PAN-OS, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 24673

Palo Alto GlobalProtect Agent: privilege escalation via Image Path

Synthesis of the vulnerability

An attacker can bypass restrictions via Image Path of Palo Alto GlobalProtect Agent, in order to escalate his privileges.
Impacted products: Palo Alto Firewall PA***, PAN-OS.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged shell.
Creation date: 06/12/2017.
Identifiers: PAN-SA-2017-0029, VIGILANCE-VUL-24673.

Description of the vulnerability

An attacker can bypass restrictions via Image Path of Palo Alto GlobalProtect Agent, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Palo Alto Firewall PA-***: