The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of PaloAlto PAN-OS

cybersecurity note CVE-2018-9335

PAN-OS: Cross Site Scripting via Session Browser

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via the Session Browser of PAN-OS, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 29/06/2018.
Identifiers: CVE-2018-9335, PAN-93244, PAN-SA-2018-0007, VIGILANCE-VUL-26591.

Description of the vulnerability

The PAN-OS product offers a web service.

However, it does not filter data received via the Session Browser before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via the Session Browser of PAN-OS, in order to run JavaScript code in the context of the web site.

weakness bulletin CVE-2018-9337

PAN-OS: Cross Site Scripting via Web Interface Administration Page

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via the Web Interface Administration Page of PAN-OS, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 29/06/2018.
Identifiers: CVE-2018-9337, PAN-93242, PAN-SA-2018-0006, VIGILANCE-VUL-26590.

Description of the vulnerability

The PAN-OS product offers a web service.

However, it does not filter data received via the Web Interface Administration Page before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via the Web Interface Administration Page of PAN-OS, in order to run JavaScript code in the context of the web site.

threat announce CVE-2018-9334

PAN-OS: information disclosure via GlobalProtect Password Hashes

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via GlobalProtect Password Hashes of PAN-OS, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 29/06/2018.
Identifiers: CVE-2018-9334, PAN-91564, PAN-SA-2018-0005, VIGILANCE-VUL-26589.

Description of the vulnerability

An attacker can bypass access restrictions to data via GlobalProtect Password Hashes of PAN-OS, in order to obtain sensitive information.

threat note CVE-2018-9242

PAN-OS: privilege escalation via Management Web Interface

Synthesis of the vulnerability

An attacker can bypass restrictions via the Management Web Interface of PAN-OS, in order to escalate their privileges.
Severity: 2/4.
Creation date: 29/06/2018.
Identifiers: CVE-2018-9242, PAN-90954, PAN-SA-2018-0004, VIGILANCE-VUL-26588.

Description of the vulnerability

An attacker can bypass restrictions via the Management Web Interface of PAN-OS, in order to escalate their privileges.

cybersecurity threat CVE-2018-7636

PAN-OS: Cross Site Scripting via Session Browser

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via the Session Browser of PAN-OS, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 27/06/2018.
Identifiers: CVE-2018-7636, PAN-OS 90835, PAN-SA-2018-0003, VIGILANCE-VUL-26557.

Description of the vulnerability

The PAN-OS product offers a web service.

However, it does not filter data received via the Session Browser before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via the Session Browser of PAN-OS, in order to run JavaScript code in the context of the web site.

weakness CVE-2018-0732

OpenSSL: denial of service via Large DH Parameter

Synthesis of the vulnerability

An attacker can generate a fatal error via Large DH Parameter of OpenSSL, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 12/06/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-511, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-0732, DLA-1449-1, DSA-4348-1, DSA-4355-1, FEDORA-2019-00c25b9379, ibm10719319, ibm10729805, ibm10738401, ibm10743283, ibm10874728, JSA10919, K21665601, openSUSE-SU-2018:1906-1, openSUSE-SU-2018:2117-1, openSUSE-SU-2018:2129-1, openSUSE-SU-2018:2667-1, openSUSE-SU-2018:2695-1, openSUSE-SU-2018:2816-1, openSUSE-SU-2018:2855-1, openSUSE-SU-2018:3013-1, openSUSE-SU-2018:3015-1, PAN-SA-2018-0015, RHSA-2018:3221-01, SSA:2018-226-01, SUSE-SU-2018:1887-1, SUSE-SU-2018:1968-1, SUSE-SU-2018:2036-1, SUSE-SU-2018:2041-1, SUSE-SU-2018:2207-1, SUSE-SU-2018:2647-1, SUSE-SU-2018:2683-1, SUSE-SU-2018:2812-1, SUSE-SU-2018:2956-1, SUSE-SU-2018:2965-1, SUSE-SU-2019:1553-1, SYMSA1462, TNS-2018-14, TNS-2018-17, TSB17568, USN-3692-1, USN-3692-2, VIGILANCE-VUL-26375.

Description of the vulnerability

An attacker can generate a fatal error via Large DH Parameter of OpenSSL, in order to trigger a denial of service.

threat note CVE-2018-0737

OpenSSL: information disclosure via RSA Constant Time Key Generation

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via RSA Constant Time Key Generation of OpenSSL, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 17/04/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-511, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-0737, DLA-1449-1, DSA-4348-1, DSA-4355-1, FEDORA-2019-00c25b9379, ibm10729805, ibm10743283, ibm10880781, JSA10919, openSUSE-SU-2018:2695-1, openSUSE-SU-2018:2957-1, openSUSE-SU-2018:3015-1, openSUSE-SU-2019:0152-1, openSUSE-SU-2019:1432-1, PAN-SA-2018-0015, RHSA-2018:3221-01, SSA:2018-226-01, SUSE-SU-2018:2486-1, SUSE-SU-2018:2492-1, SUSE-SU-2018:2683-1, SUSE-SU-2018:2928-1, SUSE-SU-2018:2965-1, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2019:0197-1, SUSE-SU-2019:0512-1, SUSE-SU-2019:1553-1, TNS-2018-14, TNS-2018-17, TSB17568, USN-3628-1, USN-3628-2, USN-3692-1, USN-3692-2, VIGILANCE-VUL-25884.

Description of the vulnerability

An attacker can bypass access restrictions to data via RSA Constant Time Key Generation of OpenSSL, in order to obtain sensitive information.

weakness bulletin CVE-2018-0739

OpenSSL: denial of service via Recursive ASN.1

Synthesis of the vulnerability

An attacker can generate a fatal error via Recursive ASN.1 of OpenSSL, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 27/03/2018.
Identifiers: 2015887, 524146, bulletinjan2019, CERTFR-2018-AVI-155, cpuapr2019, cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2018-0739, DLA-1330-1, DSA-2018-125, DSA-4157-1, DSA-4158-1, FEDORA-2018-1b4f1158e2, FEDORA-2018-40dc8b8b16, FEDORA-2018-76afaf1961, FEDORA-2018-9490b422e7, ibm10715641, ibm10717211, ibm10717405, ibm10717409, ibm10719319, ibm10733605, ibm10738249, ibm10874728, K08044291, N1022561, openSUSE-SU-2018:0936-1, openSUSE-SU-2018:1057-1, openSUSE-SU-2018:2208-1, openSUSE-SU-2018:2238-1, openSUSE-SU-2018:2524-1, openSUSE-SU-2018:2695-1, PAN-SA-2018-0015, RHSA-2018:3090-01, RHSA-2018:3221-01, SA166, SB10243, SSA-181018, SUSE-SU-2018:0902-1, SUSE-SU-2018:0905-1, SUSE-SU-2018:0906-1, SUSE-SU-2018:0975-1, SUSE-SU-2018:2072-1, SUSE-SU-2018:2158-1, SUSE-SU-2018:2683-1, Synology-SA-18:51, USN-3611-1, USN-3611-2, VIGILANCE-VUL-25666.

Description of the vulnerability

An attacker can generate a fatal error via Recursive ASN.1 of OpenSSL, in order to trigger a denial of service.

computer threat announce CVE-2017-15944

PAN-OS: code execution via Management Interface

Synthesis of the vulnerability

An attacker can use a vulnerability via the Management Interface of PAN-OS, in order to run code.
Severity: 3/4.
Creation date: 07/12/2017.
Revision date: 08/01/2018.
Identifiers: CVE-2017-15944, PAN-SA-2017-0027, VIGILANCE-VUL-24692.

Description of the vulnerability

An attacker can use a vulnerability via the Management Interface of PAN-OS, in order to run code.

weakness alert CVE-2017-16878

PAN-OS Captive Portal: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in the PAN-OS Captive Portal, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 03/01/2018.
Identifiers: CVE-2017-16878, PAN-SA-2017-0031, VIGILANCE-VUL-24935.

Description of the vulnerability

The PAN-OS Captive Portal product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in the PAN-OS Captive Portal, in order to run JavaScript code in the context of the web site.