Palo Alto Networks PAN-OS 7.0.x < 7.0.6 DHCP Packet Handling Dataplane DoS
Severity: Medium
Nessus Plugin ID: 91971

Synopsis
The remote host is affected by a denial of service vulnerability.

Description
The version of Palo Alto Networks PAN-OS running on the remote host is 7.0.x < 7.0.6. It is, therefore, affected by a flaw in the firewall functionality that is triggered when the firewall is configured as a DHCP relay and it receives DHCP requests from a third-party client or server that exceed the payload length specified in RFC 2132. An unauthenticated, remote attacker can exploit this, via a crafted DHCP packet, to cause the dataplane to restart, resulting in a denial of service condition.

Solution
Upgrade to Palo Alto Networks PAN-OS version 7.0.6 or later.