Vulnerabilities in Palo Alto PAN-OS

Number: AV16-040
Date: 3 March 2016

Purpose

The purpose of this advisory is to bring attention to multiple vulnerabilities in the Palo Alto PAN-OS.

Assessment

Palo Alto has released multiple security advisories to address a range of vulnerabilities in the following software/hardware:

Critical
Unauthenticated Buffer Overflow in GlobalProtect/SSL VPN Web Interface.
Affected Versions: PAN-OS releases 5.0.17 and prior, 6.0.12 and prior, 6.1.9 and prior, 7.0.4 and prior.

High
Unauthenticated Command Injection in Management Web Interface.
Affected Versions: PAN-OS releases 5.0.17 and prior, 6.0.12 and prior, 6.1.9 and prior, 7.0.4 and prior.

Medium
Unauthenticated Stack Exhaustion in GlobalProtect/SSL VPN Web Interface.
Affected Versions: PAN-OS releases 5.0.17 and prior, 6.0.12 and prior, 6.1.9 and prior, 7.0.5 and prior.

ESM Console XSS vulnerability (CVE-2015-2223).
Affected Versions: Traps ESM Console version 3.2.1 and earlier.

Low
Command Injection in Command Line Interface.
Affected Versions: PAN-OS releases 5.0.17 and prior, 5.1.10 and prior, 6.0.12 and prior, 6.1.9 and prior, 7.0.5 and prior.
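As an added example that is not part of this advisory or of any Palo Alto tooling, the following Python script compares an installed PAN-OS version string against the "and prior" ceilings listed for each item above, per release branch (5.0.x, 5.1.x, 6.0.x, 6.1.x, 7.0.x). All ceiling values are copied from the advisory text; the handling of hotfix suffixes such as "-h2" is an assumption, and branches the advisory does not name are reported as "not listed" rather than assumed safe.

```python
from typing import Dict, List, Optional, Tuple

# Affected-version ceilings per PAN-OS release branch, copied from the
# advisory items above ("X and prior"). A branch that is not named for an
# item is not covered by the advisory, so the checker returns None for it
# instead of guessing either way.
ADVISORY_ITEMS: Dict[str, List[str]] = {
    "Critical: Unauthenticated Buffer Overflow in GlobalProtect/SSL VPN Web Interface":
        ["5.0.17", "6.0.12", "6.1.9", "7.0.4"],
    "High: Unauthenticated Command Injection in Management Web Interface":
        ["5.0.17", "6.0.12", "6.1.9", "7.0.4"],
    "Medium: Unauthenticated Stack Exhaustion in GlobalProtect/SSL VPN Web Interface":
        ["5.0.17", "6.0.12", "6.1.9", "7.0.5"],
    "Low: Command Injection in Command Line Interface":
        ["5.0.17", "5.1.10", "6.0.12", "6.1.9", "7.0.5"],
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse a PAN-OS version such as '7.0.4' into a comparable (major, minor, patch).

    Assumption (not stated in the advisory): a hotfix suffix such as '7.0.5-h2'
    is reduced to its base release, because the advisory lists base releases only.
    """
    base = version.strip().split("-", 1)[0]
    parts = base.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def is_affected(installed: str, ceilings: List[str]) -> Optional[bool]:
    """True if `installed` is at or below the ceiling for its major.minor branch,
    False if it is above that ceiling, None if the item names no ceiling for
    the installed branch (e.g. 7.1.x is not mentioned in this advisory)."""
    inst = parse_version(installed)
    for ceiling in ceilings:
        ceil = parse_version(ceiling)
        if ceil[:2] == inst[:2]:          # same release branch, e.g. 7.0.x
            return inst <= ceil           # tuple comparison: numeric, not lexical
    return None


def assess(installed: str) -> Dict[str, Optional[bool]]:
    """Check one installed version against every item in the advisory."""
    return {item: is_affected(installed, ceilings)
            for item, ceilings in ADVISORY_ITEMS.items()}


if __name__ == "__main__":
    import sys
    # Constructed sample versions; pass real ones on the command line.
    for version in sys.argv[1:] or ["7.0.4", "7.0.5", "7.1.0"]:
        print(f"PAN-OS {version}:")
        for item, hit in assess(version).items():
            status = {True: "AFFECTED", False: "not affected", None: "branch not listed"}[hit]
            print(f"  {status:17} {item}")
```

The comparison is done on integer tuples rather than on strings, so "6.1.10" correctly sorts above "6.1.9"; a string comparison would get that wrong. The script only says whether a version falls inside the ranges the advisory lists; confirming the actual fixed release for a branch still means reading the vendor advisory linked under References.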

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References

https://securityadvisories.paloaltonetworks.com/?AspxAutoDetectCookieSupport=1
