Palo Alto Networks PAN-OS < 7.1.7 Unified Log View Information Disclosure

low Nessus Plugin ID 96531

Synopsis

The remote host is affected by an information disclosure vulnerability.

Description

The version of Palo Alto Networks PAN-OS running on the remote host is prior to 7.1.7. It is, therefore, affected by an information disclosure vulnerability in the unified log view component that allows an authenticated, remote attacker to view threat logs even if viewing privileges are disabled.

Solution

Upgrade to Palo Alto Networks PAN-OS version 7.1.7 or later.

See Also

http://www.nessus.org/u?e99db9ca

Plugin Details

Severity: Low

ID: 96531

File Name: palo_alto_pan-os_7_1_7.nasl

Version: 1.4

Type: combined

Published: 1/16/2017

Updated: 8/8/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS v3

Risk Factor: Low

Base Score: 2.7

Temporal Score: 2.4

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:paloaltonetworks:pan-os

Required KB Items: Host/Palo_Alto/Firewall/Version, Host/Palo_Alto/Firewall/Full_Version

Patch Publication Date: 1/3/2017

Vulnerability Publication Date: 1/3/2017