Palo Alto Networks PAN-OS 7.0.x < 7.0.14 / 7.1.x < 7.1.9 Multiple Vulnerabilities (PAN-SA-2017-0008 - PAN-SA-2017-0010)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

The version of Palo Alto Networks PAN-OS running on the remote host is
7.0.x prior to 7.0.14 or 7.1.x prior to 7.1.9. It is, therefore,
affected by multiple vulnerabilities :

- A flaw exists in the Management Web Interface due to
improper validation of certain request parameters. An
authenticated, remote attacker can exploit this to
disclose potentially sensitive information. Note that
this vulnerability only affects the 7.1.x version.
(CVE-2017-7126)

- A flaw exists in the Management Web Interface due to
improper validation of certain request parameters. An
authenticated, remote attacker can exploit this to
write arbitrary data to export files. (CVE-2017-7217)

- A flaw exists in the Management Web Interface due to
improper validation of certain request parameters. A
local attacker can exploit this to execute arbitrary
code with elevated privileges. Note that this
vulnerability only affects the 7.1.x version.
(CVE-2017-7218)

See also :

https://securityadvisories.paloaltonetworks.com/Home/Detail/78
https://securityadvisories.paloaltonetworks.com/Home/Detail/79
https://securityadvisories.paloaltonetworks.com/Home/Detail/80

Solution :

Upgrade to Palo Alto Networks PAN-OS version 7.0.14 / 7.1.9 or later.

As a workaround or mitigation, Palo Alto Networks recommends allowing
web interface access only to a dedicated management network.
Additionally, restrict the set of IP addresses to a subset of
authorized sources that you allow to interact with the management
network.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Palo Alto Local Security Checks

Nessus Plugin ID: 99438 ()

Bugtraq ID: 97590
97592
97598

CVE ID: CVE-2017-7126
CVE-2017-7217
CVE-2017-7218

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now