Palo Alto Networks PAN-OS Firewall/Panorama WebUI Default Credentials

Nessus Plugin ID 71496 (Severity: High)


A web application on the remote host is protected using default credentials.


The Palo Alto Networks PAN-OS Firewall / Panorama WebUI interface on the remote host has the 'admin' user account secured with the default password. An unauthenticated, remote attacker can exploit this to gain administrative access to the web interface.


Secure the 'admin' user account with a strong password.

Plugin Details

Severity: High

ID: 71496

File Name: palo_alto_webui_default_creds.nasl

Version: $Revision: 1.9 $

Type: remote

Family: Firewalls

Published: 2013/12/17

Modified: 2017/01/10

Dependencies: 71495

Risk Information

Risk Factor: High


CVSS v2.0 Base Score: 7.5

CVSS v2.0 Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:TF/RC:ND


CVSS v3.0 Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/o:paloaltonetworks:pan-os

Required KB Items: www/palo_alto_panos

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

OSVDB: 129836