This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote host is affected by multiple vulnerabilities.
The version of Palo Alto Networks PAN-OS running on the remote host is
5.0.x prior to 5.0.20, 5.1.x prior to 5.1.13, 6.0.x prior to 6.0.15,
6.1.x prior to 6.1.15, 7.0.x prior to 7.0.11, or 7.1.x prior to 7.1.6.
It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the
Address Object Parsing functionality due to a failure to
properly escape single quote characters. An
unauthenticated, remote attacker can exploit this to
inject XPath content, resulting in the disclosure of
sensitive information. (CVE-2016-9149)
- An off-by-one buffer overflow condition exists in the
management web interface within the mprItoa() function.
An unauthenticated, remote attacker can exploit this,
via a specially crafted request, to cause a denial of
service condition or the execution of arbitrary code.
- An elevation of privilege vulnerability exists in
/usr/local/bin/root_trace due to improper validation of
the PYTHONPATH environment variable. A local attacker
who has shell access can exploit this vulnerability, by
manipulating environment variables, to execute code with
root privileges. Note that this vulnerability exists
because of an incomplete fix for CVE-2016-1712.
- A cross-site scripting (XSS) vulnerability exists in the
Captive Portal due to improper validation of input
before returning it to users. An unauthenticated, remote
attacker can exploit this, via a specially crafted
request, to execute arbitrary script code in a user's
browser session. (VulnDB 146509)
See also :
Upgrade to Palo Alto Networks PAN-OS version 5.0.20 / 5.1.13 /
6.0.15 / 6.1.15 / 7.0.11 / 7.1.6 or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false