Palo Alto Networks Security Advisories / CVE-2017-15942

CVE-2017-15942 Denial of Service Against GlobalProtect

047910
Severity 7.5 · HIGH
Attack Vector NETWORK
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact NONE
Privileges Required NONE
Integrity Impact NONE
User Interaction NONE
Availability Impact HIGH
NVD JSON
Published 2017-12-06
Updated 2020-05-18
Reference PAN-78127 PAN-SA-2017-0025

Description

A vulnerability exists in PAN-OS that could lead to denying access to GlobalProtect portal, GlobalProtect gateway or preventing configuration commits. (Ref # PAN-78127 / CVE-2017-15942)

PAN-OS contains a vulnerability in GlobalProtect that may allow a non-authenticated third party to mount a Denial of Service attack against the GlobalProtect portal, GlobalProtect gateway or preventing configuration commits. This vulnerability is only available when the GlobalProtect gateway or portal is running.

This issue affects PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.12 and earlier, PAN-OS 8.0.5 and earlier

Product Status

VersionsAffectedUnaffected
PAN-OS 8.0<= 8.0.5>= 8.0.6
PAN-OS 7.1<= 7.1.12>= 7.1.13
PAN-OS 7.0<= 7.0.18>= 7.0.19
PAN-OS 6.1<= 6.1.18>= 6.1.19

Severity: HIGH

CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Weakness Type

CWE-399 Resource Management Errors

Solution

PAN-OS 6.1.19 and later, PAN-OS 7.0.19 and later, PAN-OS 7.1.13 and later, PAN-OS 8.0.6 and later

Workarounds and Mitigations

This vulnerability is only available when the GlobalProtect gateway or portal is running.

Acknowledgments

Palo Alto Networks would like to thank Craig Stephen and Martin Ferris from Net Consulting for reporting this issue to us.

Timeline

Updated credit statement
Initial publication
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2024 Palo Alto Networks, Inc. All rights reserved.