Lucene search

K
paloaltoPalo Alto Networks Product Security Incident Response TeamPAN-SA-2017-0018
HistoryJun 19, 2017 - 8:30 p.m.

Kernel Vulnerability

2017-06-1920:30:00
Palo Alto Networks Product Security Incident Response Team
securityadvisories.paloaltonetworks.com
543

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.035

Percentile

91.6%

A vulnerability exists in the Linux kernel of PAN-OS that may result in Remote Code Execution. A vulnerability in the Linux kernel networking subsystem for UDP could enable an attacker to execute arbitrary code within the context of the kernel. The Data Plane (DP) of PAN-OS is not affected by this issue since it does not use the vulnerable Linux kernel code. (ref # PAN-77173 / CVE-2016-10229).
Successful exploitation of this issue requires an attacker to be on the management network.
This issue affects PAN-OS 6.1.17 and earlier, PAN-OS 7.0, PAN-OS 7.1.10 and earlier, PAN-OS 8.0.2 and earlier

Work around:
Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.

Affected configurations

Vulners
Node
paloaltonetworkspan-osMatch7.0.\*
OR
paloaltonetworkspan-osRange≀8.0.2
OR
paloaltonetworkspan-osRange≀6.1.17
OR
paloaltonetworkspan-osRange≀7.1.10
VendorProductVersionCPE
paloaltonetworkspan-os7.0.*cpe:2.3:o:paloaltonetworks:pan-os:7.0.\*:*:*:*:*:*:*:*
paloaltonetworkspan-os*cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.035

Percentile

91.6%