Palo Alto Networks Security Advisories
PAN-SA-2016-0022 Remote Text File Access on Traps Endpoint Server Management
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Reference: CYV-8717 PAN-SA-2016-0022
The Traps ESM Server license mechanism allows for remote license validation. An unintended ability to download text files through this subsystem was recently identified (Ref # CYV-8717).
This vulnerability can be used to remotely retrieve text files stored on the Traps ESM.
This issue affects Traps ESM Core version 3.3.3 and earlier.
| Versions | Affected | Unaffected |
|---|---|---|
| Traps ESM Core 3.3 | <= 3.3.3 | >= 3.3.4 |
CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Traps ESM Core version 3.3.4 and later are not affected.
Workarounds and Mitigations
© 2020 Palo Alto Networks, Inc. All rights reserved.