Palo Alto Networks PAN-OS 7.0.x < 7.0.12 Multiple Vulnerabilities

High Nessus Plugin ID 95925

Synopsis

The remote host is affected by multiple denial of service vulnerabilities.

Description

The version of Palo Alto Networks PAN-OS running on the remote host is 7.0.x prior to 7.0.12. It is, therefore, affected by multiple vulnerabilities:

- A denial of service vulnerability exists when processing IPv6 traffic matching a predict session. An unauthenticated, remote attacker can exploit this to cause the dataplane to restart. (VulnDB 148534)

- A denial of service vulnerability exists under the HA active-active configuration when handling out-of-order jumbo packets. An unauthenticated, remote attacker can exploit this to cause a failover to occur. (VulnDB 148535)

- A denial of service vulnerability exists when processing packets that have an incorrectly set IPv4 Reserved flag. An unauthenticated, remote attacker can exploit this to cause the dataplane to restart. (VulnDB 148549)

Solution

Upgrade to Palo Alto Networks PAN-OS version 7.0.12 or later.

See Also

http://www.nessus.org/u?43ffd409

Plugin Details

Severity: High

ID: 95925

File Name: palo_alto_pan-os_7_0_12.nasl

Version: $Revision: 1.2 $

Type: combined

Published: 2016/12/19

Modified: 2016/12/20

Dependencies: 72816

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

CVSSv3

Base Score: 7.5

Temporal Score: 6.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/o:paloaltonetworks:pan-os

Required KB Items: Host/Palo_Alto/Firewall/Version, Host/Palo_Alto/Firewall/Full_Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/12/08

Vulnerability Publication Date: 2016/12/08