Palo Alto Networks Security Advisories / CVE-2014-9708

CVE-2014-9708 Web interface denial of service


047910
Severity 5.3 · MEDIUM
Attack Vector NETWORK
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact NONE
Privileges Required NONE
Integrity Impact NONE
User Interaction NONE
Availability Impact LOW

Description

Palo Alto Networks web management server is vulnerable to a denial-of-service attack. (Ref # PAN-64917/105311) (CVE-2014-9708)

This pre-authenticated denial-of-service attack could disrupt the web management interface.

This issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier

Product Status

VersionsAffectedUnaffected
PAN-OS 7.1<= 7.1.5>= 7.1.6
PAN-OS 7.0<= 7.0.10>= 7.0.11
PAN-OS 6.1<= 6.1.14>= 6.1.15
PAN-OS 6.0<= 6.0.14>= 6.0.15
PAN-OS 5.1<= 5.1.12>= 5.1.13
PAN-OS 5.0<= 5.0.19>= 5.0.20

Severity: MEDIUM

CVSSv3.1 Base Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Solution

PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.6 and later

Workarounds and Mitigations

Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.

© 2024 Palo Alto Networks, Inc. All rights reserved.