Palo Alto PAN-OS Management Interface Parameter Processing Bug Lets Remote Authenticated Users Delete Files on the Target System - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: Device (Firewall) > Palo Alto PAN-OS

Vendors: Palo Alto Networks

Palo Alto PAN-OS Management Interface Parameter Processing Bug Lets Remote Authenticated Users Delete Files on the Target System

SecurityTracker Alert ID: 1041242

SecurityTracker URL: http://securitytracker.com/id/1041242

CVE Reference: CVE-2018-9242 (Links to External Site)

Date: Jul 10 2018

Impact: Modification of system information, Modification of user information

Fix Available: Yes Vendor Confirmed: Yes

Description: A vulnerability was reported in Palo Alto PAN-OS. A remote authenticated user can delete files on the target system.

A remote authenticated user can supply specially crafted request parameters to exploit a flaw in the Management interface and delete files on the target system.

Xinming Nie with Aisinfo-Sec reported this vulnerability.

Impact: A remote authenticated user can delete files on the target system.

Solution: The vendor has issued a fix (6.1.21, 7.1.17, 8.0.10).

The vendor advisory is available at:

https://securityadvisories.paloaltonetworks.com/Home/Detail/123

Vendor URL: securityadvisories.paloaltonetworks.com/Home/Detail/123 (Links to External Site)

Cause: Access control error

Message History: None.

Source Message Contents

Subject: https://securityadvisories.paloaltonetworks.com/Home/Detail/123

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2021, SecurityGlobal.net LLC