Palo Alto Networks PAN-OS 6.1.x < 6.1.17 / 7.0.x < 7.0.15 / 7.1.x < 7.1.10 / 8.0.x < 8.0.2 Multiple Vulnerabilities

Medium Nessus Plugin ID 100419

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The version of Palo Alto Networks PAN-OS running on the remote host is 6.1.x prior to 6.1.17, 7.0.x prior to 7.0.15, 7.1.x prior to 7.1.10, or 8.0.x prior to 8.0.2. It is, therefore, affected by multiple vulnerabilities:

- A flaw exists in the GNU wget component when handling server redirects to FTP resources due to the destination file name being obtained from the redirected URL and not the original URL. An unauthenticated, remote attacker can exploit this, via a specially crafted response, to cause a different file name to be used than intended, resulting in writing to arbitrary files. (CVE-2016-4971)

- A flaw exists in the Linux kernel due to improper determination of the rate of challenge ACK segments. An unauthenticated, remote attacker can exploit this to gain access to the shared counter, which makes it easier to hijack TCP sessions using a blind in-window attack. This issue only affects version 7.1.x. (CVE-2016-5696)

- An out-of-bounds read error exists when handling packets using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An unauthenticated, remote attacker can exploit this, via specially crafted truncated packets, to cause a denial of service condition. This issue does not affect version 6.1.x. (CVE-2017-3731)

- A cross-site scripting (XSS) vulnerability exists in GlobalProtect due to improper validation of user-supplied input to unspecified request parameters before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session. This issue only affects version 7.0.x. (CVE-2017-7409)

- A flaw exists in the web-based management interface due to improper permission checks that allows an authenticated, remote attacker to disclose sensitive information. This issue only affects versions 6.1.x, 7.0.x, and 8.0.x. (CVE-2017-7644)

- An information disclosure vulnerability exists in the GlobalProtect external interface due to returning different error messages when handling login attempts with valid or invalid usernames. An unauthenticated, remote attacker can exploit this to enumerate valid user accounts. This issue only affects versions 6.1.x, 7.0.x, and 8.0.x. (CVE-2017-7945)

- A denial of service vulnerability exists in the firewall when handling stale responses to authentication requests prior to selecting CHAP or PAP as the protocol. An unauthenticated, remote attacker can exploit this to cause the authentication process (authd) to stop responding. This issue only affects versions 7.0.x and 7.1.x. (VulnDB 156216)

- An information disclosure vulnerability exists when viewing changes in the configuration log due to the 'Auth Password' and 'Priv Password' for the SNMPv3 server profile not being properly masked. A local attacker can exploit this to disclose password information. This issue only affects versions 7.1.x and 8.0.x. (VulnDB 158179)

- A denial of service vulnerability exists due to a flaw when handling HA3 messages. An unauthenticated, remote attacker can exploit this to cause several processes to stop. This issue only affects version 7.1.x. (VulnDB 158180)

Solution

Upgrade to Palo Alto Networks PAN-OS version 6.1.17 / 7.0.15 / 7.1.10 / 8.0.2 or later.

See Also

http://www.nessus.org/u?0d96265b

http://www.nessus.org/u?1f083775

http://www.nessus.org/u?aacbe40b

http://www.nessus.org/u?49c666f2

http://www.nessus.org/u?fe505ba3

http://www.nessus.org/u?9254ef1a

Plugin Details

Severity: Medium

ID: 100419

File Name: palo_alto_pan-os_7_0_15.nasl

Version: $Revision: 1.8 $

Type: combined

Published: 2017/05/25

Modified: 2017/07/27

Dependencies: 72816

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.8

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

CVSSv3

Base Score: 4.8

Temporal Score: 4.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/o:paloaltonetworks:pan-os

Required KB Items: Host/Palo_Alto/Firewall/Version, Host/Palo_Alto/Firewall/Full_Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/04/20

Vulnerability Publication Date: 2016/06/09

Reference Information

CVE: CVE-2016-4971, CVE-2016-5696, CVE-2017-3731, CVE-2017-7409, CVE-2017-7644, CVE-2017-7945

BID: 91530, 91704, 95813, 98404, 97953, 98396

EDB-ID: 40064