Palo Alto Networks PAN-OS 7.0.x < 7.0.12 Multiple Vulnerabilities

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple denial of service
vulnerabilities.

Description :

The version of Palo Alto Networks PAN-OS running on the remote host is
7.0.x prior to 7.0.12. It is, therefore, affected by multiple
vulnerabilities :

- A denial of service vulnerability exists when processing
IPv6 traffic matching a predict session. An
unauthenticated, remote attacker can exploit this to
cause the dataplane to restart. (VulnDB 148534)

- A denial of service vulnerability exists under the HA
active-active configuration when handling out-of-order
jumbo packets. An unauthenticated, remote attacker can
exploit this to cause a failover to occur. (VulnDB
148535)

- A denial of service vulnerability exists when processing
packets that have an incorrectly set IPv4 Reserved flag.
An unauthenticated, remote attacker can exploit this to
cause the dataplane to restart. (VulnDB 148549)

See also :

http://www.nessus.org/u?43ffd409

Solution :

Upgrade to Palo Alto Networks PAN-OS version 7.0.12 or later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Palo Alto Local Security Checks

Nessus Plugin ID: 95925

Bugtraq ID:

CVE ID:
