CVE-2018-18065 Denial of Service in PAN-OS Management Interface

Palo Alto Networks Security Advisories / CVE-2018-18065

CVE-2018-18065 Denial of Service in PAN-OS Management Interface

Severity 6.5 · MEDIUM

Attack Vector NETWORK

Scope UNCHANGED

Attack Complexity LOW

Confidentiality Impact NONE

Privileges Required LOW

Integrity Impact NONE

User Interaction NONE

Availability Impact HIGH

NVD JSON

Published 2019-03-20

Updated

Reference PAN-106922 PAN-SA-2019-0007

Discovered internally

Description

A Denial of Service vulnerability exists in the SNMP library that affects PAN-OS Management Interface. (Ref # PAN-106922, CVE-2018-18065).

Successful exploitation of this issue would allow a remote unauthenticated user to cause the SNMP daemon to crash, resulting in a denial of service. The unauthenticated user would already have to have access to the management interface to make this vulnerability work.

This issue affects PAN-OS 7.1.22 and earlier, PAN-OS 8.0.15 and earlier, PAN-OS 8.1.6 and earlier. PAN-OS 9.0 is NOT affected

Product Status

Versions	Affected	Unaffected
PAN-OS 8.1	<= 8.1.6	>= 8.1.7
PAN-OS 8.0	<= 8.0.15	>= 8.0.16
PAN-OS 7.1	<= 7.1.22	>= 7.1.23

Severity: MEDIUM

CVSSv3.1 Base Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Weakness Type

CWE-476 NULL Pointer Dereference

Solution

PAN-OS 7.1.23 and later, PAN-OS 8.0.16 and later, and PAN-OS 8.1.7 and later.

Workarounds and Mitigations

This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS 9.0 technical documentation, available at:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.html.