SecurityTracker.com
Category:   Device (Firewall)  >   Palo Alto PAN-OS
Vendors:   Palo Alto Networks
Palo Alto PAN-OS Bug in Web Interface Packet Capture Management Function Lets Remote Authenticated Users Execute Arbitrary Commands on the Target System
SecurityTracker Alert ID:  1040006
SecurityTracker URL:  http://securitytracker.com/id/1040006
CVE Reference:   CVE-2017-15940
Date:  Dec 13 2017
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in Palo Alto PAN-OS. A remote authenticated user can execute arbitrary commands on the target system.

A remote authenticated user can send specially crafted data to the web interface packet capture management function to inject and execute arbitrary commands on the target system.

Won Lae Lee and Hwang, Gyu Won from Samsung reported this vulnerability.

Impact:   A remote authenticated user can execute arbitrary commands on the target system.
Solution:   The vendor has issued a fix (6.1.19, 7.0.19, 7.1.14).

The vendor advisory is available at:

https://securityadvisories.paloaltonetworks.com/Home/Detail/105

Vendor URL:  securityadvisories.paloaltonetworks.com/Home/Detail/105
Cause:   Access control error

Message History:   None.


 Source Message Contents

Subject:  https://securityadvisories.paloaltonetworks.com/Home/Detail/105

 
 

