Palo Alto Networks Knowledgebase: Palo Alto Networks Security Advisories [30-August-2017]

Palo Alto Networks Security Advisories [30-August-2017]

Created On 02/07/19 23:43 PM - Last Updated 02/07/19 23:43 PM
Resolution

With the release of PAN-OS 7.1.12, Palo Alto Networks has published 2 new Security Advisories and 1 updated Security Advisory, addressing 3 security issues.

 

New Security Advisories

 

PAN-SA-2017-0023 - Cross-Site Scripting in PAN-OS

A vulnerability in the PAN-OS GlobalProtect internal and external gateway interface could allow a cross-site scripting (XSS) attack. PAN-OS does not properly validate specific request parameters.

 

  • Medium Severity
  • Fixed in PAN-OS 6.1.18, PAN-OS 7.0.17, PAN-OS 7.1.12 and PAN-OS 8.0.3
  • CVE-2017-12416

PAN-SA-2017-0024 - XML External Entity (XXE) in PAN-OS

A vulnerability in the PAN-OS GlobalProtect internal and external gateway interface could allow an XML External Entity (XXE) attack. PAN-OS does not properly parse XML input.

 

  • High Severity
  • Fixed in PAN-OS 6.1.18, PAN-OS 7.0.17, PAN-OS 7.1.12 and PAN-OS 8.0.3
  • CVE-2017-9458

Updated Security Advisory

 

PAN-SA-2017-0022 - NTP Vulnerability

The Network Time Protocol (NTP) library has been found to contain a vulnerability, CVE-2017-6460. Palo Alto Networks software makes use of the vulnerable library and may be affected. This issue only affects the management plane of the firewall.

 

  • Low Severity
  • Fixed in PAN-OS 7.1.12 and PAN-OS 8.0.4
  • Fixes for 6.1 and 7.0 will be released at a future date
  • CVE-2017-6460

Details of the issues, affected versions, and any mitigation information can be found in the Security Advisory.

 

Please visit our Security Advisories website to learn more at https://securityadvisories.paloaltonetworks.com/

 

If you have questions, please contact support at https://www.paloaltonetworks.com/company/contact-support

 



Regards

Product Security Incident Response Team
Palo Alto Networks

 

Updated August-31-2017 - Security Advisories updated to clarify that both the internal and external interfaces of GlobalProtect are affected by the issues listed in PAN-SA-2017-0023 and PAN-SA-2017-0024.


