This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Palo Alto Networks Security Advisories [30-August-2017]

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Palo Alto Networks Security Advisories [30-August-2017]

kshorrock
L3 Networker

‎08-30-2017 05:02 PM - edited ‎08-31-2017 04:11 PM

No ratings

With the release of PAN-OS 7.1.12 Palo Alto Networks has published 2 new and 1 updated Security Advisory addressing 3 security issues.

 

New Security Advisories

 

PAN-SA-2017-0023 - Cross-Site Scripting in PAN-OS

A vulnerability exists in PAN-OS’s GlobalProtect internal and external gateway interface, that could allow for a cross-site scripting (XSS) attack. PAN-OS does not properly validate specific request parameters.

 

  • Medium Severity
  • Fixed in PAN-OS 6.1.18, PAN-OS 7.0.17, PAN-OS 7.1.12 and PAN-OS 8.0.3
  • CVE-2017-12416

PAN-SA-2017-0024 - XML External Entity (XXE) in PAN-OS 

A vulnerability exists in PAN-OS’s GlobalProtect internal and external gateway interface, that could allow for XML External Entity (XXE) attack. PAN-OS does not properly parse XML input.

 

  • High Severity
  • Fixed in PAN-OS 6.1.18, PAN-OS 7.0.17, PAN-OS 7.1.12 and PAN-OS 8.0.3
  • CVE-2017-9458

Updated Security Advisory

 

PAN-SA-2017-0022 - NTP Vulnerability

The Network Time Protocol (NTP) library has been found to contain a vulnerability CVE-2017-6460. Palo Alto Networks software makes use of the vulnerable library and may be affected. This issue only affects the management plane of the firewall.

 

  • Low Severity
  • Fixed in PAN-OS 7.1.12 and PAN-OS 8.0.4
  • Fixes for 6.1 and 7.0 will be released on a future date
  • CVE-2017-6460

Details of the issues, affected versions, and any mitigation information can be found in the Security Advisory.



 

Please visit our Security Advisories website to learn more at https://securityadvisories.paloaltonetworks.com/



 

If you have questions, please contact support https://www.paloaltonetworks.com/company/contact-support

 



Regards


Product Security Incident Response Team
Palo Alto Networks

 

Updated August-31-2017 - Security Advisories updated to clarify that both the Internal and external interfaces of GlobalProtect are affected by issues listed in PAN-SA-2017-0023 and PAN-SA-2017-0024

Rate this article:
0 Likes Likes
Comments
stmark
L0 Member
‎08-31-2017 08:30 AM

Does disabling the login page for the Global Protect Portal mitigate this vulnerability?  Does these global protect related vulnerabilities affect both the Gateway and Portal?

 

Thanks!

  • 19237 Views
  • 1 comments
  • 0 Likes
Register or Sign-in
Contributors
Article Dashboard
Version history
Last Updated:
‎08-31-2017 04:11 PM
Updated by:
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks