510 matches found
PAN-OS API denial of service
Palo Alto Networks firewalls offer an API to query and modify the configuration of the device. While access to this API is protected by the use of an API key, an issue was recently identified leading to a potential unauthenticated denial of service attack. Ref 91728...
User-ID API Access
The Palo Alto Networks User-ID agent for Windows implements an API to retrieve the agent’s configuration. This TLS-secured API call returns encrypted credentials to the domain account configured on the User-ID agent, which has read-only rights for Security Event Logs on Domain Controllers. Anyone...
HTTP Header Evasion
An evasion was identified whereby a user could specially craft an HTTP header to evade URL filtering on Palo Alto Networks firewalls. Ref 93838...
Unauthenticated Stack Exhaustion in GlobalProtect/SSL VPN Web Interface
When a PAN-OS device is configured as a GlobalProtect web portal, a specially crafted request to the portal could result in a crash of the service. Ref. 89750 CVE-2016-3656 This issue can be exploited remotely by an attacker with network access to the GlobalProtect portal in order to cause a...
Unauthenticated Command Injection in Management Web Interface
Palo Alto Networks PAN-OS implements an API to enable programmatic device configuration and administration of the device. An issue was identified where the management API incorrectly parses input to a specific API call, leading to execution of arbitrary OS commands without authentication via the...
Command Injection in Command Line Interface
Palo Alto Networks firewalls implement a command line interface for interactive configuration through a serial interface or a remote SSH session. An issue was identified that can cause incorrect parsing of a specific SSH command parameter, leading to arbitrary command execution on the OS level...
Unauthenticated Buffer Overflow in GlobalProtect/SSL VPN Web Interface
When a PAN-OS device is configured as a GlobalProtect portal, a vulnerability exists where an improper handling of a buffer involved in the processing of SSL VPN requests can result in device crash and possible remote code execution. Ref. 89752 CVE-2016-3657 An attacker with network access to the...
Unauthenticated Buffer Overflow in GlobalProtect/SSL VPN Web Interface
When a PAN-OS device is configured as a GlobalProtect portal, a vulnerability exists where an improper handling of a buffer involved in the processing of SSL VPN requests can result in device crash and possible remote code execution. Ref. 89752 CVE-2016-3657 An attacker with network access to the...
Unauthenticated Stack Exhaustion in GlobalProtect/SSL VPN Web Interface
When a PAN-OS device is configured as a GlobalProtect web portal, a specially crafted request to the portal could result in a crash of the service. Ref. 89750 CVE-2016-3656 This issue can be exploited remotely by an attacker with network access to the GlobalProtect portal in order to cause a...
Command Injection in Command Line Interface
Palo Alto Networks firewalls implement a command line interface for interactive configuration through a serial interface or a remote SSH session. An issue was identified that can cause incorrect parsing of a specific SSH command parameter, leading to arbitrary command execution on the OS level...
Unauthenticated Command Injection in Management Web Interface
Palo Alto Networks PAN-OS implements an API to enable programmatic device configuration and administration of the device. An issue was identified where the management API incorrectly parses input to a specific API call, leading to execution of arbitrary OS commands without authentication via the...
ESM Console XSS vulnerability
A cross-site scripting vulnerability exists in the web-based console management. This vulnerability has been assigned CVE-2015-2223. This issue affects the management interface of Traps, where an authenticated administrator may be tricked into injecting malicious JavaScript into the web UI...
ESM Console XSS vulnerability
A cross-site scripting vulnerability exists in the web-based console management. This vulnerability has been assigned CVE-2015-2223. This issue affects the management interface of Traps, where an authenticated administrator may be tricked into injecting malicious JavaScript into the web UI...
API key automatic revocation
An issue has been identified in PAN-OS that prevents old management API keys for local administrator accounts from being invalidated upon password change until the device is rebooted. This issue can create a period of time during which an administrator changes the account password, thus creating ...
Device management authentication bypass
Devices running PAN-OS 7.0.0 including Panorama that are configured to use LDAP for captive portal or device management authentication do not properly perform authentication against the LDAP server in specific cases, leading to an authentication bypass. There is no issue if you are using Radius o...
XML External Entity (XXE) Vulnerability
An XML parsing vulnerability exists in PAN-OS allowing a malicious user within PAN-OS to inject malicious XML data into the web-based device management front-end allowing the user to retrieve arbitrary content from the device. The user must be an authenticated user issuing the request. Ref 71273...
XML External Entity (XXE) Vulnerability
An XML parsing vulnerability exists in PAN-OS allowing a malicious user within PAN-OS to inject malicious XML data into the web-based device management front-end allowing the user to retrieve arbitrary content from the device. The user must be an authenticated user issuing the request. Ref 71273...
Cross-site Scripting Vulnerability
A cross-site scripting vulnerability exists in the web-based device management interface whereby data provided by the user is echoed back to the user without sanitization. Ref 73638...
GHOST: glibc vulnerability
The open source library “glibc” has been found to contain a recently discovered vulnerability CVE-2015-0235, commonly referred to as “GHOST” that has been demonstrated to enable remote code execution in some software. Palo Alto Networks software makes use of the vulnerable library, however there ...
GHOST: glibc vulnerability
The open source library “glibc” has been found to contain a recently discovered vulnerability CVE-2015-0235, commonly referred to as “GHOST” that has been demonstrated to enable remote code execution in some software. Palo Alto Networks software makes use of the vulnerable library, however there ...
Padding-oracle attack on TLS CBC cipher mode
A vulnerability affecting some implementations of TLS 1.x with CBC cipher modes has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions CVE-2014-8730. This padding-oracle attack on TLS CBC cipher modes is a variant of the POODLE vulnerability,...
Padding-oracle attack on TLS CBC cipher mode
A vulnerability affecting some implementations of TLS 1.x with CBC cipher modes has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions CVE-2014-8730. This padding-oracle attack on TLS CBC cipher modes is a variant of the POODLE vulnerability,...
Cross-site scripting vulnerability
A cross-site scripting vulnerability exists in the web-based device management interface whereby data provided by the user is echoed back to the user without sanitization. Ref 64563. This vulnerability has been assigned CVE-2014-3764. This issue affects the management interface of the device, whe...
Cross-site scripting vulnerability
A cross-site scripting vulnerability exists in the web-based device management interface whereby data provided by the user is echoed back to the user without sanitization. Ref 64563. This vulnerability has been assigned CVE-2014-3764. This issue affects the management interface of the device, whe...
Privilege escalation in GlobalProtect agent for Mac OS X
A path injection vulnerability affecting the GlobalProtect agent for Mac OS X 2.1.0 and earlier could allow a local attacker to gain elevated privileges on a targeted system...
SSL 3.0 MITM Attack
A vulnerability affecting most implementations of SSL 3.0 has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions CVE-2014-3566. The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak...
SSL 3.0 MITM Attack
A vulnerability affecting most implementations of SSL 3.0 has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions CVE-2014-3566. The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak...
Bash Shell remote code execution (CVE-2014-6271, CVE-2014-7169)
Palo Alto Networks has become aware of a remote code execution vulnerability in the Bash shell utility. This vulnerability CVE-2014-6271 allows for remote code execution through multiple vectors due to the way Bash is often used on linux systems for processing commands. Additional information can...
OpenSSL Man-in-the-middle vulnerability
The Palo Alto Networks product security engineering team has completed analysis of our products' exposure to the vulnerabilities described in the OpenSSL Security Advisory dated June 5th, 2014. Of the 7 CVEs highlighted in the advisory, only CVE-2014-0224 is relevant to our software. The...
OpenSSL Man-in-the-middle vulnerability
The Palo Alto Networks product security engineering team has completed analysis of our products' exposure to the vulnerabilities described in the OpenSSL Security Advisory dated June 5th, 2014. Of the 7 CVEs highlighted in the advisory, only CVE-2014-0224 is relevant to our software. The...
Management API Key Bypass
An XML API key can be bypassed if a session has been authorized. This can be used in a CSRF or XSS attack. Ref 58976...
Cross-site Scripting Vulnerability
A cross-site scripting vulnerability exists in the web-based device management interface whereby data provided by the user is echoed back to the user without sanitization. Ref 59010...
Cross-site Scripting Vulnerability
A cross-site scripting vulnerability exists in the web-based device management API browser whereby data provided by the user is echoed back to the user without sanitization. Ref 50908 This issue affects the management interface of the device where the API browser is exposed. This issue affects...
Cross-site Scripting Vulnerability
A cross-site scripting vulnerability exists in the web-based device management API browser whereby data provided by the user is echoed back to the user without sanitization. Ref 50908 This issue affects the management interface of the device where the API browser is exposed. This issue affects...
App-ID Cache Poisoning
An evasion technique that takes advantage of the App-ID cache function has recently been published. In certain circumstances, a knowledgeable user can bypass security policy that restricts the use of certain applications by sending numerous specially crafted requests over the network in order to...
App-ID Cache Poisoning
An evasion technique that takes advantage of the App-ID cache function has recently been published. In certain circumstances, a knowledgeable user can bypass security policy that restricts the use of certain applications by sending numerous specially crafted requests over the network in order to...
Man-in-the-middle Vulnerability in GlobalProtect App
A vulnerability exists in NetConnect all version and GlobalPortect App 1.1.6 and earlier whereby the agent does not verify the certificate presented by the portal server, enabling a possible Man-in-the-middle attack. This vulnerability can result in an agent connecting to an attacker-controlled...
Man-in-the-middle Vulnerability in GlobalProtect App
A vulnerability exists in NetConnect all version and GlobalPortect App 1.1.6 and earlier whereby the agent does not verify the certificate presented by the portal server, enabling a possible Man-in-the-middle attack. This vulnerability can result in an agent connecting to an attacker-controlled...
Command Injection Vulnerability
A vulnerability exists whereby an unauthenticated user can inject commands as root on the device. Ref 31091 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.0.4 and earlier; PAN-OS 3.1.9 and earlier. Work...
Command Injection Vulnerability
A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface. Ref 34595 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. The attacker must still be an...
Command Injection Vulnerability
A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface. Ref 34502 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.1.1 an...
Verbose Error Messages
Under certain conditions, when unexpected input is provided to the web-based management UI, overly verbose error information is delivered back to the client. This does not directly result in any specific vulnerability, however this information is helpful to an attacker. Ref 33139 This issue resul...
Command Injection Vulnerability
A vulnerability exists whereby an authenticated user can execute arbitrary code as root using the device management command line interface. Ref 35249 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.0.8 and...
Verbose Error Messages
Under certain conditions, when unexpected input is provided to the web-based management UI, overly verbose error information is delivered back to the client. This does not directly result in any specific vulnerability, however this information is helpful to an attacker. Ref 33139 This issue resul...
Command Injection Vulnerability
A vulnerability exists whereby an unauthenticated user can inject commands as root on the device. Ref 30088 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.0.3 and earlier; PAN-OS 3.1.9 and earlier. Work...
Management Server DOS Vulnerability
An issue exists whereby the management server of the device can be crashed when an authenticated users sends a specially crafted command via the command line interface. Ref 35254 This issue results in the unavailability of the management server of the device. The attacker must be an authenticated...
Command Injection Vulnerability
A vulnerability exists whereby an unauthenticated user can inject commands as root on the device. Ref 30088 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.0.3 and earlier; PAN-OS 3.1.9 and earlier. Work...
Command Injection Vulnerability
A vulnerability exists whereby an authenticated user can execute arbitrary code as root using the device management command line interface. Ref 34896 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.0.8 and...
LDAP Passwords Logged in Clear Text
An issue exists whereby LDAP bind passwords are logged to authd.log in clear text when using the default logging level of 'debug'. Ref 35493 This issue results in administrator passwords being logged and stored in clear text. Inappropriate access to this information can lead to unauthorized...
Command Injection Vulnerability
A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface. Ref 31116 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. The attacker must still be an...