Palo Alto Networks Security Advisories / CVE-2018-8715

CVE-2018-8715 Denial of Service in PAN-OS Management Web Interface

Severity 8.1 · HIGH
Attack Vector NETWORK
Attack Complexity HIGH
Confidentiality Impact HIGH
Privileges Required NONE
Integrity Impact HIGH
User Interaction NONE
Availability Impact HIGH


Palo Alto Networks makes use of a 3rd-party component impacted by CVE-2018-8715. This issue has been confirmed to present a risk for denial of service to the PAN-OS Management Web Interface. (Ref # PAN-93089, CVE-2018-8715)

A specially crafted HTTP POST request with an invalid “If-modified" header field may cause a NULL dereference and cause a denial of service condition. This vulnerability can be triggered without login or authentication and could result in a crash of the management service.

This issue affects PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.0. Global Protect is NOT affected.

Product Status

PAN-OS 8.1None>= 8.1.1
PAN-OS 8.0<= 8.0.9>= 8.0.10
PAN-OS 7.1<= 7.1.16>= 7.1.17
PAN-OS 6.1<= 6.1.20>= 6.1.21


CVSSv3.1 Base Score:8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Weakness Type

CWE-287 Improper Authentication


PAN-OS 6.1.21 and later, PAN-OS 7.1.17 and later, PAN-OS 8.0.10 and later, and PAN-OS 8.1.1 and later.

Workarounds and Mitigations

This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the management interface of PAN-OS. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at:

© 2023 Palo Alto Networks, Inc. All rights reserved.