Palo Alto Networks Security Advisories / CVE-2017-15942

CVE-2017-15942 Denial of Service Against GlobalProtect

Severity: 7.5 · HIGH
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

Description

A vulnerability exists in PAN-OS that could deny access to the GlobalProtect portal or GlobalProtect gateway, or prevent configuration commits. (Ref # PAN-78127 / CVE-2017-15942)

PAN-OS contains a vulnerability in GlobalProtect that may allow an unauthenticated third party to mount a denial-of-service attack against the GlobalProtect portal or GlobalProtect gateway, or to prevent configuration commits. The vulnerability is exposed only when the GlobalProtect gateway or portal is running.

This issue affects PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.12 and earlier, and PAN-OS 8.0.5 and earlier.

Product Status

PAN-OS

Versions  Affected     Unaffected
8.0       <= 8.0.5     >= 8.0.6
7.1       <= 7.1.12    >= 7.1.13
7.0       <= 7.0.18    >= 7.0.19
6.1       <= 6.1.18    >= 6.1.19

Severity: HIGH

CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Weakness Type

CWE-399 Resource Management Errors

Solution

This issue is fixed in PAN-OS 6.1.19 and later, PAN-OS 7.0.19 and later, PAN-OS 7.1.13 and later, and PAN-OS 8.0.6 and later.

Workarounds and Mitigations

The vulnerability is exposed only when the GlobalProtect gateway or portal is running.
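
As an added example (not part of the Palo Alto Networks advisory), this Python script triages a firewall inventory against the Product Status table and the exposure condition stated above. The function names and the inventory are constructed for illustration, and treating a hotfix build such as "7.1.12-h1" as its base maintenance release is an assumption, since the advisory lists no hotfix builds.

```python
import re

# First fixed maintenance release per release train (Product Status table).
FIRST_FIXED = {(6, 1): 19, (7, 0): 19, (7, 1): 13, (8, 0): 6}

# major.minor.maintenance with an optional hotfix suffix such as "-h2".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(text):
    """Return (major, minor, maintenance); raise ValueError if malformed."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    # Assumption: the hotfix number is ignored for this comparison.
    return tuple(int(g) for g in m.groups()[:3])


def triage(version, globalprotect_running):
    """Classify one device against CVE-2017-15942.

    Returns 'unlisted', 'fixed', 'affected-exposed' or 'affected-not-exposed'.
    """
    major, minor, maint = parse_panos_version(version)
    first_fixed = FIRST_FIXED.get((major, minor))
    if first_fixed is None:
        return "unlisted"  # the advisory makes no statement about this train
    if maint >= first_fixed:
        return "fixed"
    # Affected build: exposed only while a portal or gateway is running.
    return "affected-exposed" if globalprotect_running else "affected-not-exposed"


# Constructed inventory: (hostname, PAN-OS version, GlobalProtect running?)
SAMPLE_INVENTORY = [
    ("fw-edge-01", "8.0.5", True),
    ("fw-edge-02", "8.0.6", True),
    ("fw-core-01", "7.1.12-h1", False),
    ("fw-lab-01", "6.1.19", True),
    ("fw-dc-01", "8.1.0", True),
]


def triage_inventory(inventory):
    return {host: triage(ver, gp) for host, ver, gp in inventory}


if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Devices reported as 'affected-not-exposed' still run an affected build and become exposed if a GlobalProtect portal or gateway is later enabled.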

Acknowledgments

Palo Alto Networks would like to thank Craig Stephen and Martin Ferris from Net Consulting for reporting this issue to us.

Timeline

Updated credit statement
Initial publication
© 2020 Palo Alto Networks, Inc. All rights reserved.