Palo Alto Networks PAN-OS Management Interface Remote DoS (PAN-SA-2016-0027)
Medium Nessus Plugin ID 96314
Synopsis
The remote host is affected by a denial of service vulnerability.
Description
The Palo Alto Networks PAN-OS running on the remote host is affected by a NULL pointer dereference flaw in the web management interface, specifically in the parseRange() function within file rx.c, when handling HTTP requests involving a Range header with an empty value.
An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause the Appweb process for the management interface to terminate, resulting in a denial of service condition.
Note that PAN-OS is reportedly affected by other vulnerabilities as well; however, Nessus has not tested for these.
Solution
Upgrade to Palo Alto Networks PAN-OS version 5.0.20 / 5.1.13 / 6.0.15 / 6.1.15 / 7.0.11 / 7.1.6 or later.
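
To audit a firewall inventory against the fixed releases listed in the Solution, the following added example (not the Nessus plugin's code) compares each PAN-OS version with the fix for its branch. The `major.minor.maintenance[-hN]` version format, the rule that a hotfix on an older maintenance release is still below the fix, the status labels and the sample hostnames are assumptions.

```python
import re

# Fixed maintenance release per branch, taken from the Solution line above.
FIXED = {
    (5, 0): 20, (5, 1): 13, (6, 0): 15,
    (6, 1): 15, (7, 0): 11, (7, 1): 6,
}

# Assumed version format: major.minor.maintenance with an optional
# hotfix suffix such as "-h3" (for example "6.1.14-h3").
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def classify(version):
    """Return 'needs-upgrade', 'fixed', 'not-listed' or 'unparseable'."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, maint = (int(m.group(i)) for i in (1, 2, 3))
    fixed_maint = FIXED.get((major, minor))
    if fixed_maint is None:
        # The page names no fixed release for this branch; do not guess.
        return "not-listed"
    # Assumption: a hotfix on an older maintenance release is still
    # below the fix, since the page lists only base releases.
    return "fixed" if maint >= fixed_maint else "needs-upgrade"


def audit(inventory):
    """Map each (hostname, version) pair to its classification."""
    return {host: classify(ver) for host, ver in inventory}


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = [
    ("fw-edge-01", "7.1.5"),
    ("fw-edge-02", "7.1.6"),
    ("fw-dc-01", "6.1.14-h3"),
    ("fw-dc-02", "7.0.11"),
    ("fw-lab-01", "8.0.0"),
    ("fw-lab-02", "unknown"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Branches the page does not list are reported as `not-listed` rather than assumed safe or affected.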