Palo Alto Networks PAN-OS Management Interface API Remote DoS (PAN-SA-2016-0008)
Medium Nessus Plugin ID 91958
Synopsis: The remote host is affected by a denial of service vulnerability.
Description: The Palo Alto Networks PAN-OS running on the remote host is affected by a denial of service vulnerability in the API hosted on the management interface, specifically in the panUserLogin() function within panmodule.so, due to improper validation of user-supplied input to the 'username' and 'password' parameters. An unauthenticated, remote attacker can exploit this, via a crafted request, to cause the process to terminate.
Note that PAN-OS is reportedly affected by other vulnerabilities as well; however, Nessus has not tested for these.
Solution: Upgrade to Palo Alto Networks PAN-OS version 7.0.8 or later.