Palo Alto Networks Security Advisories - PAN-SA-2018-0008

Started by icecream-guy, July 20, 2018, 05:40:24 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

icecream-guy

July 20, 2018, 05:40:24 AM
Palo Alto Networks has published a new Security Advisory to https://securityadvisories.paloaltonetworks.com/.

Denial of Service in PAN-OS Management Web Interface
Summary
Palo Alto Networks makes use of a 3rd-party component impacted by CVE-2018-8715. This issue has been confirmed to present a risk for denial of service to the PAN-OS Management Web Interface. (Ref #PAN-93089, CVE-2018-8715)

Severity:  High
A specially craftedHTTP POST request with an invalid "If-modified" and/or "Host" header fields may cause a NULL dereference and cause a denial of service condition. This vulnerability can be triggered without login or authentication and could result in a crash of the management service.

Products Affected
PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.0.  Global Protect is NOT affected.

Available Updates
PAN-OS 6.1.21 and later, PAN-OS 7.1.17 and later, PAN-OS 8.0.10 and later, and PAN-OS 8.1.1 and later.   

Workarounds and Mitigations
This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the management interface of PAN-OS. Our best practices guidelines reduce the exposure of the management interface to potential attackers.  Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/best-practices-for-securing-administrative-access.

Acknowledgements
n/a

Regards,
Product Security Incident Response Team

Palo Alto Networks
:professorcat:

My Moral Fibers have been cut.
Print
Go Up Pages1
User actions