The vulnerability of the interface for internal and external switches of the GlobalProtect operating system PAN-OS allows a attacker to cause a service failure or obtain confidential information.

🗓️ 11 Oct 2017 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

GlobalProtect PAN-OS XXE flaw on internal and external interfaces may disclose data, crash services, or enable forgery.

Reporter	Title	Published	Views	Family All 10
CNVD	Palo Alto PAN-OS xml Entity Injection Vulnerability	7 Sep 201700:00	–	cnvd
CVE	CVE-2017-9458	7 Sep 201713:00	–	cve
Cvelist	CVE-2017-9458	7 Sep 201713:00	–	cvelist
EUVD	EUVD-2017-18391	7 Oct 202500:30	–	euvd
NVD	CVE-2017-9458	7 Sep 201713:29	–	nvd
OSV	CVE-2017-9458	7 Sep 201713:29	–	osv
Palo Alto Networks	XML External Entity (XXE) in PAN-OS	30 Aug 201723:00	–	paloalto
Palo Alto Networks	XML External Entity (XXE) in PAN-OS	30 Aug 201723:00	–	paloalto
Tenable Nessus	Palo Alto Networks PAN-OS 6.1.x < 6.1.18 / 7.0.x < 7.0.17 / 7.1.x < 7.1.12 / 8.0.x < 8.0.3 Multiple Vulnerabilities	30 Jun 201700:00	–	nessus
Prion	Server side request forgery (ssrf)	7 Sep 201713:29	–	prion

Vulners

Node

palo_alto_networks pan-osRange≤8.0.2

Source	Link
securityadvisories	www.securityadvisories.paloaltonetworks.com/Home/Detail/94
securityfocus	www.securityfocus.com/bid/100614
securitytracker	www.securitytracker.com/id/1039256
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 27.5

CVSS 39.8

EPSS0.01272

globalprotect panos xml external entity internal interfaces external interfaces data disclosure service failure server side forgery