Palo Alto Networks PAN-OS 6.1.x < 6.1.18 / 7.0.x < 7.0.17 / 7.1.x < 7.1.12 / 8.0.x < 8.0.3 Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote PAN-OS host is affected by multiple vulnerabilities.

Description :

The version of Palo Alto Networks PAN-OS running on the remote host is
6.1.x prior to 6.1.18, 7.0.x prior to 7.0.17, 7.1.x prior to 7.1.12,
or 8.0.x prior to 8.0.3. It is, therefore, affected by multiple
vulnerabilities :

- A denial of service vulnerability exists in the OpenSSL
component that is triggered when handling a large number
of consecutive 'SSL3_AL_WARNING' undefined alerts. An
unauthenticated, remote attacker can exploit this, by
continuously sending warning alerts, to exhaust
available CPU resources. Note that this vulnerability
does not affect the 8.0.x version branch.
(CVE-2016-8610)

- A remote code execution vulnerability exists in the
Linux kernel in udp.c due to an unsafe second checksum
calculation during execution of a recv system call with
the MSG_PEEK flag. An unauthenticated, remote attacker
can exploit this, via specially crafted UDP traffic, to
cause a denial of service condition or the execution of
arbitrary code. Note that this vulnerability does not
affect the 7.0.x version branch. (CVE-2016-10229)

- A remote code execution vulnerability exists in the DNS
proxy service that is triggered when resolving fully
qualified domain names (FQDN). An unauthenticated,
remote attacker can exploit this to execute arbitrary
code. Note that this vulnerability was fixed in version
7.1.10 for the 7.1.x version branch. (CVE-2017-8390)

- A XML external entity (XXE) vulnerability exists due to
an incorrectly configured XML parser accepting XML from
an untrusted source. An unauthenticated, remote attacker
can exploit this by sending specially crafted XML data
to the GlobalProtect external interface. Exploitation of
this vulnerability may allow disclosure of information,
denial of service or server side request forgery.
(CVE-2017-9458)

- A stored cross-site scripting (XSS) vulnerability exists
in the Firewall web interface due to improper validation
of user-supplied input before returning it to users. An
unauthenticated, remote attacker can exploit this, via a
specially crafted request, to execute arbitrary script
code in a user's browser session. (CVE-2017-9459)

- A cross-site scripting (XSS) vulnerability exists in the
GlobalProtect component due to improper validation of
user-supplied input to unspecified request parameters.
An unauthenticated, remote attacker can exploit this,
via a specially crafted request, to execute arbitrary
script code in a user's browser session.
(CVE-2017-9467, CVE-2017-12416)

- A denial of service vulnerability exists that is
triggered when the system attempts to close the
connection of a rogue client that ignored the URL
filtering block page. An unauthenticated, remote
attacker can exploit this to crash the interface. Note
that this vulnerability does not affect the 6.1.x and
7.0.x version branches. (VulnDB 159828)

See also :

http://www.nessus.org/u?9d557f3a
https://securityadvisories.paloaltonetworks.com/Home/Detail/87
https://securityadvisories.paloaltonetworks.com/Home/Detail/88
https://securityadvisories.paloaltonetworks.com/Home/Detail/89
https://securityadvisories.paloaltonetworks.com/Home/Detail/90
https://securityadvisories.paloaltonetworks.com/Home/Detail/91
https://securityadvisories.paloaltonetworks.com/Home/Detail/93
https://securityadvisories.paloaltonetworks.com/Home/Detail/94

Solution :

Upgrade to Palo Alto Networks PAN-OS version 6.1.18 / 7.0.17 / 7.1.12
/ 8.0.3 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Palo Alto Local Security Checks

Nessus Plugin ID: 101164 ()

Bugtraq ID: 93841
97397
99902
99907
99911
100614
100619

CVE ID: CVE-2016-8610
CVE-2016-10229
CVE-2017-8390
CVE-2017-9458
CVE-2017-9459
CVE-2017-9467
CVE-2017-12416

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now