5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.975 High
EPSS
Percentile
100.0%
Palo Alto Networks has determined that the WildFire-500 (WF-500) appliance is affected by the vulnerability disclosures known as Meltdown and Spectre, and has completed an update to address these issues. The WF-500 software update is now available to customers that use the WF-500 appliance for on-premise sandboxing. Please note that customers using the WildFire cloud service are NOT impacted by this advisory. (PAN-91139/CVE-2017-5715)
Successful exploitation of this issue may allow reads from the guest image to the host residing in a sandbox appliance. The analysis method utilized by the WF-500 mitigates the impact of this issue.
This issue affects WF-500 (WildFire Appliance) running appliance software versions 8.0.9 and earlier; all versions of 7.1, 7.0, and 6.1. Please note: WF-500 appliance software versions 8.1.0 and later are not impacted by this advisory.
Work around:
Customers not using the WF-500 WildFire Appliance are not impacted by this advisory. Customers using the WildFire cloud are not impacted by this advisory.
CPE | Name | Operator | Version |
---|---|---|---|
wildfire appliance | le | 8.0.9 |
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.975 High
EPSS
Percentile
100.0%