The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of PaloAlto Panorama

vulnerability alert CVE-2015-6531

Palo Alto Panorama: code execution via Firmware Installation

Synthesis of the vulnerability

An attacker can persuade a victim to install malicious firmware on Palo Alto Panorama, in order to run code.
Impacted products: Panorama by Palo Alto, PAN-OS.
Severity: 1/4.
Consequences: administrator access/rights.
Provenance: document.
Creation date: 02/06/2017.
Identifiers: CVE-2015-6531, TRA-2015-02, VIGILANCE-VUL-22891.

Description of the vulnerability

An attacker can persuade a victim to install malicious firmware on Palo Alto Panorama, in order to run code.

vulnerability bulletin 17503

PAN-OS: bypassing LDAP authentication

Synthesis of the vulnerability

An attacker can bypass the LDAP authentication of PAN-OS, in order to escalate his privileges.
Impacted products: Palo Alto Firewall PA***, Panorama by Palo Alto, PAN-OS.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 27/07/2015.
Identifiers: PAN-SA-2015-0005, VIGILANCE-VUL-17503.

Description of the vulnerability

PAN-OS can use local authentication, or authentication based on LDAP or RADIUS.

However, when PAN-OS uses LDAP, an attacker can bypass the authentication.

An attacker can therefore bypass the LDAP authentication of PAN-OS, in order to escalate his privileges.