The wget library has been found to contain a vulnerability (CVE 2016-4971). wget allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. Palo Alto Networks software makes use of the vulnerable library and may be affected. (Ref # PAN-59677/ CVE 2016-4971)
Successfully exploiting this issue would require an attacker to be authenticated on the Management Interface.
This issue affects PAN-OS 6.1.16 and earlier, PAN-OS 7.0.14 and earlier, PAN-OS 7.1.9 and earlier, PAN-OS 8.0
|PAN-OS 8.0||None||>= 8.0.1|
|PAN-OS 7.1||<= 7.1.9||>= 7.1.10|
|PAN-OS 7.0||<= 7.0.14||>= 7.0.15|
|PAN-OS 6.1||<= 6.1.16||>= 6.1.17|
CVSSv3.1 Base Score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
PAN-OS 6.1.17 and later, PAN-OS 7.0.15 and later, PAN-OS 7.1.10 and later, PAN-OS 8.0.1 and later
Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.