Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2017-15944

🗓️ 11 Dec 2017 17:00:00Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov📰️ 7 Media mentions👁 783 Views🌐 WEB

Palo Alto Networks PAN-OS < 8.0.6 Remote Code Execution CVE-2017-1594

Related
Detection
Refs
Paths
Social
ReporterTitlePublishedViews
Family
0day.today		Palo Alto Networks Firewalls Remote Root Code Execution Vulnerability
14 Dec 201700:00
zdt
0day.today		Palo Alto Networks PAN-OS Cookie Injection Vulnerability
22 Dec 201700:00
zdt
0day.today		Palo Alto Networks - readSessionVarsFromFile() Session Corruption Exploit
9 May 201800:00
zdt
GithubExploit		Exploit for Improper Input Validation in Paloaltonetworks Pan-Os
24 May 201823:19
githubexploit
ATTACKERKB		CVE-2017-15944
11 Dec 201700:00
attackerkb
Circl		CVE-2017-15944
13 Dec 201709:00
circl
CISA KEV Catalog		Palo Alto Networks PAN-OS Remote Code Execution Vulnerability
18 Aug 202200:00
cisa_kev
CNVD		Palo Alto Networks PAN-OS Remote Code Execution Vulnerability
11 Dec 201700:00
cnvd
Check Point Advisories		Paloaltonetworks Panos Remote Code Execution (CVE-2017-15944) - Ver2
22 Nov 201800:00
checkpoint_advisories
Cvelist		CVE-2017-15944
11 Dec 201717:00
cvelist
Rows per page
NVD
Node
paloaltonetworkspan-osRange<6.1.19
OR
paloaltonetworkspan-osRange7.0.07.0.19
OR
paloaltonetworkspan-osRange7.1.07.1.14
OR
paloaltonetworkspan-osRange8.0.08.0.6
ParameterPositionPathDescriptionCWE
devicequery paramesp/cms_changeDeviceContext.espBy injecting a crafted device parameter, the session deserialization/parsing can be corrupted to bypass authentication and manipulate session data.CWE-20CWE-119
actionrequest bodyphp/utils/router.php/Administrator.getXML injection via Direct::getConfigByXpath with unsafely appended id to obj, enabling manipulation of backend XML requests and potential directory traversal.CWE-20CWE-119
methodrequest bodyphp/utils/router.php/Administrator.getXML injection via Direct::getConfigByXpath with unsafely appended id to obj, enabling manipulation of backend XML requests and potential directory traversal.CWE-20CWE-119
datarequest bodyphp/utils/router.php/Administrator.getXML injection via Direct::getConfigByXpath with unsafely appended id to obj, enabling manipulation of backend XML requests and potential directory traversal.CWE-20CWE-119
cookierequest bodyphp/utils/router.php/Administrator.getXML injection via Direct::getConfigByXpath with unsafely appended id to obj, enabling manipulation of backend XML requests and potential directory traversal.CWE-20CWE-119
idrequest bodyphp/utils/router.php/Administrator.getXML injection via Direct::getConfigByXpath with unsafely appended id to obj, enabling manipulation of backend XML requests and potential directory traversal.CWE-20CWE-119
async-moderequest bodyphp/utils/router.php/Administrator.getXML injection via Direct::getConfigByXpath with unsafely appended id to obj, enabling manipulation of backend XML requests and potential directory traversal.CWE-20CWE-119
refreshrequest bodyphp/utils/router.php/Administrator.getXML injection via Direct::getConfigByXpath with unsafely appended id to obj, enabling manipulation of backend XML requests and potential directory traversal.CWE-20CWE-119

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jun 2026 01:08Current
9.5High risk
Vulners AI Score9.5
CVSS 27.5
CVSS 3.19.8
EPSS0.9834
SSVC
CWE-20CWE-119In Wild
palo alto networkspan-osremote code executioncve-2017-15944security vulnerability
783