Vulnerabilities in Palo Alto PAN-OS

Number: AV16-040
Date: 3 March 2016

Purpose

The purpose of this advisory is to bring attention to multiple vulnerabilities in the Palo Alto PAN-OS.

Assessment

Palo Alto has released multiple security advisories to address a range of vulnerabilities in the following software/hardware:

Critical
Unauthenticated Buffer Overflow in GlobalProtect/SSL VPN Web Interface.
Affected Versions: PAN-OS releases 5.0.17 and prior, 6.0.12 and prior, 6.1.9 and prior, 7.0.4 and prior.

High
Unauthenticated Command Injection in Management Web Interface.
Affected Versions: PAN-OS releases 5.0.17 and prior, 6.0.12 and prior, 6.1.9 and prior, 7.0.4 and prior.

Medium
Unauthenticated Stack Exhaustion in GlobalProtect/SSL VPN Web Interface.
Affected Versions: PAN-OS releases 5.0.17 and prior, 6.0.12 and prior, 6.1.9 and prior, 7.0.5 and prior.

ESM Console XSS vulnerability (CVE-2015-2223).
Affected Versions: Traps ESM Console version 3.2.1 and earlier.

Low
Command Injection in Command Line Interface.
Affected Versions: PAN-OS releases 5.0.17 and prior, 5.1.10 and prior, 6.0.12 and prior, 6.1.9 and prior, 7.0.5 and prior.

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References

https://securityadvisories.paloaltonetworks.com/?AspxAutoDetectCookieSupport=1