Palo Alto Networks PAN-OS API Key Persistence Security Bypass (PAN-SA-2015-0006)
Medium Nessus Plugin ID 86906
Synopsis
The remote host is affected by an authentication security bypass vulnerability.

Description
The Palo Alto Networks PAN-OS running on the remote host is a version prior to 6.1.7 or 7.x prior to 7.0.2. It is, therefore, affected by a security bypass vulnerability because local administrator API keys are not invalidated after a password change; the old keys remain valid until the device is rebooted. A remote attacker can exploit this to gain access to the management interface.

Solution
Upgrade to Palo Alto Networks PAN-OS version 6.1.7 / 7.0.2 or later.
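An added example (not the Nessus plugin's own code) that applies the affected ranges above to a PAN-OS version string, so an inventory or compliance script can flag firewalls that still need the fix. It assumes the `sw-version:` line of `show system info` as the input format and a constructed sample output; the `-hN` hotfix suffix is treated as the same base version.

```python
"""Affected-version check for PAN-SA-2015-0006 (added example, not plugin code).

Per the advisory: PAN-OS prior to 6.1.7 and 7.x prior to 7.0.2 are affected;
6.1.7 / 7.0.2 or later contain the fix.
"""
import re
from typing import Optional, Tuple

# major.minor.patch with an optional "-hN" hotfix suffix (e.g. 7.0.1-h2).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")

# Constructed sample of `show system info` output (only the line we need).
SAMPLE_SYSTEM_INFO = """hostname: fw-edge-01
model: PA-3020
sw-version: 7.0.1-h2
"""


def parse_panos_version(version: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch); hotfix suffix is ignored for ranking."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected_pan_sa_2015_0006(version: str) -> bool:
    """True when the version falls in an affected range from the advisory."""
    v = parse_panos_version(version)
    major = v[0]
    if major < 7:          # "prior to 6.1.7": everything below that release
        return v < (6, 1, 7)
    if major == 7:         # "7.x prior to 7.0.2"
        return v < (7, 0, 2)
    return False           # later trains are not named by the advisory


def check_system_info(text: str) -> Optional[bool]:
    """Extract sw-version from `show system info` output and classify it.

    Returns None when no sw-version line is present (unknown state).
    """
    m = re.search(r"^sw-version:\s*(\S+)\s*$", text, re.MULTILINE)
    if not m:
        return None
    return is_affected_pan_sa_2015_0006(m.group(1))
```

Treat `None` as "needs manual review" rather than "not affected" when scripting this across a fleet.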