Web interface denial of service

ID PAN-SA-2016-0027
Type paloalto
Reporter Palo Alto Networks Product Security Incident Response Team
Modified 2016-10-11T19:00:00


Palo Alto Networks web management server is vulnerable to a denial-of-service attack. (Ref # PAN-64917/105311) (CVE-2014-9708) This pre-authenticated denial-of-service attack could disrupt the web management interface. This issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier

Work around: Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.