An information disclosure vulnerability exists in the Terminal Server (TS) agent. Session information may be disclosed due to insecure permissions (WINAGENT-43 / CVE-2017-6356).
The information disclosure is limited to session information.
This issue affects TS agent 6.0, TS agent 7.0, and TS agent 8.0.
Versions | Affected | Unaffected |
---|---|---|
Terminal Server Agent 8.0 | None | >= 8.0.1 |
CVSSv3.1 Base Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CWE-732 Incorrect Permission Assignment for Critical Resource
TS agent 8.0.1 and later releases.
We recommend customers use custom certificates when using the TS agent. Further details on using customer certificates can be reviewed at:
TS agent is fully backwards compatible with all currently supported versions of PAN-OS software. Customers using TS agents 6.0 and 7.0 can use TS agent 8.0.1.