Palo Alto Networks PAN-OS < 4.0.8 Multiple Vulnerabilities
High Nessus Plugin ID 72817
SynopsisThe remote host is affected by multiple vulnerabilities.
DescriptionThe remote host is running a version of Palo Alto Networks PAN-OS prior to 4.0.8. It is, therefore, affected by multiple vulnerabilities :
- An information disclosure vulnerability exists due to overly verbose error messages. An attacker can exploit this vulnerability by sending specially crafted input in order to gain access to potentially sensitive information. (CVE-2012-6590 / PAN-SA-2012-0001)
- A vulnerability exists that potentially allows an authenticated user to inject arbitrary shell commands via the CLI. (CVE-2012-6598 / PAN-SA-2012-0009)
Note that the 3.0 branch is not affected by these vulnerabilities.
SolutionUpgrade to PAN-OS version 4.0.8 or later.