Palo Alto Networks PAN-OS 5.0.x < 5.0.20 / 5.1.x < 5.1.13 / 6.0.x < 6.0.15 / 6.1.x < 6.1.15 / 7.0.x < 7.0.11 / 7.1.x < 7.1.6 Multiple Vulnerabilities (PAN-SA-2016-0033 / PAN-SA-2016-0034 / PAN-SA-2016-0035 / PAN-SA-2016-0037)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.

Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

The version of Palo Alto Networks PAN-OS running on the remote host is
5.0.x prior to 5.0.20, 5.1.x prior to 5.1.13, 6.0.x prior to 6.0.15,
6.1.x prior to 6.1.15, 7.0.x prior to 7.0.11, or 7.1.x prior to 7.1.6.
It is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in the
Address Object Parsing functionality due to a failure to
properly escape single quote characters. An
unauthenticated, remote attacker can exploit this to
inject XPath content, resulting in the disclosure of
sensitive information. (CVE-2016-9149)

- An off-by-one buffer overflow condition exists in the
management web interface within the mprItoa() function.
An unauthenticated, remote attacker can exploit this,
via a specially crafted request, to cause a denial of
service condition or the execution of arbitrary code.

- An elevation of privilege vulnerability exists in
/usr/local/bin/root_trace due to improper validation of
the PYTHONPATH environment variable. A local attacker
who has shell access can exploit this vulnerability, by
manipulating environment variables, to execute code with
root privileges. Note that this vulnerability exists
because of an incomplete fix for CVE-2016-1712.

- A cross-site scripting (XSS) vulnerability exists in the
Captive Portal due to improper validation of input
before returning it to users. An unauthenticated, remote
attacker can exploit this, via a specially crafted
request, to execute arbitrary script code in a user's
browser session. (VulnDB 146509)

Solution :

Upgrade to Palo Alto Networks PAN-OS version 5.0.20 / 5.1.13 /
6.0.15 / 6.1.15 / 7.0.11 / 7.1.6 or later.
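
A version check against the fixed releases listed above, as an added example (not Tenable's plugin code). The function names, the assumed `-hN` hotfix suffix format, and the inventory are constructed for illustration.

```python
import re

# Fixed maintenance release per branch, taken from the advisory text above.
FIXED = {(5, 0): 20, (5, 1): 13, (6, 0): 15,
         (6, 1): 15, (7, 0): 11, (7, 1): 6}

# Assumption: versions look like "7.1.5" or "7.1.5-h2" (hotfix suffix).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")


def classify(version):
    """Return 'vulnerable', 'fixed', 'not-covered' or 'unparsed'."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unparsed"
    major, minor, maint = (int(g) for g in m.groups())
    fixed_maint = FIXED.get((major, minor))
    if fixed_maint is None:
        # Branch is outside the ranges this advisory lists; do not guess.
        return "not-covered"
    # A hotfix on an older maintenance release is still below the fixed one.
    return "vulnerable" if maint < fixed_maint else "fixed"


def triage(inventory):
    """Map each classification to the sorted hostnames in that state."""
    report = {}
    for host, version in inventory.items():
        report.setdefault(classify(version), []).append(host)
    return {state: sorted(hosts) for state, hosts in report.items()}


# Constructed inventory for illustration only.
SAMPLE = {
    "fw-edge-01": "7.1.5-h1",
    "fw-edge-02": "7.1.6",
    "fw-dc-01": "6.1.15",
    "fw-dc-02": "6.0.14",
    "fw-lab-01": "8.0.2",
    "fw-lab-02": "unknown",
}

if __name__ == "__main__":
    for state, hosts in sorted(triage(SAMPLE).items()):
        print(state, hosts)
```

Hosts reported as `not-covered` or `unparsed` need manual review, since this advisory says nothing about branches outside the listed ranges.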

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false

Family: Palo Alto Local Security Checks

Nessus Plugin ID: 95478

Bugtraq ID: 94199

CVE ID: CVE-2016-9149
