
PAN-SA-2016-0010 Update Server API Exposure

047910
Severity 0 · NONE
Attack Vector Not applicable
Scope Not applicable
Attack Complexity Not applicable
Confidentiality Impact NONE
Privileges Required Not applicable
Integrity Impact NONE
User Interaction Not applicable
Availability Impact NONE

Description

The Palo Alto Networks update server enables downloading of PAN-OS software releases and dynamic updates through a public API. Some functions of the API were inadvertently exposed to the public.

API functions that were used exclusively by internal workflows were publicly available and could be called remotely. This did not affect Palo Alto Networks customers’ security posture, but some Palo Alto Networks update server data could be accessed.

This issue affects the Palo Alto Networks update server.

Product Status

Versions  Affected  Unaffected
Update server none

Severity: NONE

CVSSv3.1 Base Score: 0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)

Weakness Type

Solution

N/A

Workarounds and Mitigations

API functions that are utilized only by Palo Alto Networks backend systems have been migrated to an internal-facing only server. Externally facing functions that were deprecated or unused have been removed from the public-facing server.

Acknowledgments

Mikail Tunç