Detections
Analytics
Palo Alto Networks PAN-OS 4.1.x < 4.1.16 / 5.0.x < 5.0.10 / 5.1.x < 5.1.5 API Key Bypass Flaw
low Nessus Plugin ID 73138
Language:
Synopsis
The remote host is affected by an API key bypass flaw.Description
The remote host is running a version of Palo Alto Networks PAN-OS prior to 4.1.16 / 5.0.10 / 5.1.5. It is, therefore, affected by an API key bypass flaw which allows a remote attacker to bypass the XML API key for a session that has already been authorized.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to PAN-OS version 4.1.16 / 5.0.10 / 5.1.5 or later.See Also
https://securityadvisories.paloaltonetworks.com/Home/Detail/21
Plugin Details
Severity: Low
ID: 73138
File Name: palo_alto_PAN-SA-2014-0001.nasl
Version: 1.7
Type: combined
Family: Palo Alto Local Security Checks
Published: 3/21/2014
Updated: 8/8/2018
Supported Sensors: Nessus
Risk Information
CVSS v2
Risk Factor: Low
Base Score: 3.5
Temporal Score: 3
Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N
Vulnerability Information
CPE: cpe:/o:paloaltonetworks:pan-os
Required KB Items: Host/Palo_Alto/Firewall/Version, Host/Palo_Alto/Firewall/Full_Version
Exploit Ease: No known exploits are available
Patch Publication Date: 1/29/2014
Vulnerability Publication Date: 1/29/2014
Reference Information
BID: 65886