Palo Alto Networks PAN-OS 7.0.x < 7.0.5 Multiple Vulnerabilities

critical Nessus Plugin ID 91970

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The version of Palo Alto Networks PAN-OS running on the remote host is 7.0.x < 7.0.5. It is, therefore, affected by multiple vulnerabilities :

- A buffer overflow condition exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service or the execution of arbitrary code.

- A flaw exists in the API due to sending inappropriate responses to special requests. An unauthenticated, remote attacker can exploit this to have an unspecified impact.

- An unspecified flaw exists that allows an authenticated, remote attacker to access potentially sensitive information in the system logs.

- A flaw exists in the firewall functionality due to session timeout values being ignored, which allows administrator sessions to be automatically refreshed.
An unauthenticated, remote attacker can exploit this to more easily gain access to a user's session.

- A flaw exists when handling mutated traffic from third-party signature detection software that causes a VM-Series disk to become corrupted and enter maintenance mode. An unauthenticated, remote attacker can exploit this to impact the integrity of the system.

- A flaw exists in the firewall functionality that is triggered during the SSL handshake when the firewall receives a Hello packet from the server that has a higher SSL protocol version than the Hello packet received from the client. An unauthenticated, remote attacker can exploit this to cause the dataplane to restart, resulting in a denial of service condition.

- A security bypass vulnerability exists in the XML API that allows an authenticated, remote attacker with superuser read-only permissions to bypass intended restrictions and perform a commit.

- A flaw exists in the firewall functionality due to not accurately checking certificate revocation status via OSCP when the OCSP request does not include the HOST header option. An unauthenticated, remote attacker can exploit this to impact the integrity of the system.

Solution

Upgrade to Palo Alto Networks PAN-OS version 7.0.5 or later.

See Also

http://www.nessus.org/u?21ad624a

Plugin Details

Severity: Critical

ID: 91970

File Name: palo_alto_pan-os_7_0_5.nasl

Version: 1.5

Type: combined

Published: 7/7/2016

Updated: 1/2/2019

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:paloaltonetworks:pan-os

Required KB Items: Host/Palo_Alto/Firewall/Version, Host/Palo_Alto/Firewall/Full_Version

Patch Publication Date: 2/9/2016

Vulnerability Publication Date: 2/9/2016