Detections
Analytics

Palo Alto Networks < 7.1.23 / 8.0.x < 8.0.16 / 8.1.x < 8.1.7 Integer Overflow Vulnerability (PAN-SA-2019-0006)

high Nessus Plugin ID 123079

Language:

Synopsis

The remote host is affected by integer overflow vulnerability in the Linux Kernel that exists in the PAN-OS

Description

The version of Palo Alto Networks PAN-OS running on the remote host is prior to 7.1.23 or 8.0.x prior to 8.0.16 or 8.1.x prior to 8.1.7.
It is, therefore, affected by an integer overflow vulnerability exists in the Linux Kernel of PAN-OS. An authenticated, local attacker can exploit this, via execution of arbitrary code in chained attack.
(CVE-2018-14634)

Solution

Upgrade to Palo Alto Networks PAN-OS version 7.1.23 / 8.0.16 / 8.1.7 or later.

See Also

http://www.nessus.org/u?2afacfa4

Plugin Details

Severity: High

ID: 123079

File Name: palo_alto_PAN-SA-2019-0006.nasl

Version: 1.4

Type: combined

Published: 3/25/2019

Updated: 4/1/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-14634

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:paloaltonetworks:pan-os

Required KB Items: Host/Palo_Alto/Firewall/Version, Host/Palo_Alto/Firewall/Full_Version, Host/Palo_Alto/Firewall/Source

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/20/2019

Vulnerability Publication Date: 3/20/2019

Reference Information

CVE: CVE-2018-14634

BID: 105407