Palo Alto Networks PAN-OS Security Advisories

Number: AV16-192
Date: 22 November 2016

Purpose

The purpose of this advisory is to bring attention to multiple security advisories for Palo Alto Networks PAN-OS.

Assessment

Palo Alto Networks has released multiple security advisories to address a range of vulnerabilities in PAN-OS. The severity of these issues ranges from low to critical.

Critical
PAN-SA-2016-0035 - Buffer Overflow in the Management Web Interface

Medium
PAN-SA-2016-0034 - Local Privilege Escalation

Low
PAN-SA-2016-0036 - OpenSSH Vulnerability
PAN-SA-2016-0037 - XPath Injection

CVE References: CVE-2016-6210, CVE-2016-9149, CVE-2016-9150, CVE-2016-9151

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References

PAN-SA-2016-0034:
https://securityadvisories.paloaltonetworks.com/Home/Detail/67

PAN-SA-2016-0035:
https://securityadvisories.paloaltonetworks.com/Home/Detail/68

PAN-SA-2016-0036:
https://securityadvisories.paloaltonetworks.com/Home/Detail/69

PAN-SA-2016-0037:
https://securityadvisories.paloaltonetworks.com/Home/Detail/70

Date modified: