PAN-SA-2016-0022 Remote Text File Access on Traps Endpoint Server Management
Attack Vector: NETWORK
Scope: UNCHANGED
Attack Complexity: LOW
Confidentiality Impact: HIGH
Privileges Required: NONE
Integrity Impact: NONE
User Interaction: NONE
Availability Impact: NONE
Description
The Traps ESM Server license mechanism allows remote license validation. An unintended ability to download text files through this subsystem was identified (Ref # CYV-8717).
Because the license validation subsystem is reachable over the network and requires no authentication, this vulnerability can be used by a remote, unauthenticated attacker to retrieve text files stored on the Traps ESM Server.
This issue affects Traps ESM Core version 3.3.3 and earlier.
Product Status
Versions | Affected | Unaffected |
---|---|---|
Traps ESM Core 3.3 | <= 3.3.3 | >= 3.3.4 |
Severity: HIGH
CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Solution
This issue is fixed in Traps ESM Core version 3.3.4 and later. Upgrade affected ESM servers to 3.3.4 or later.
Workarounds and Mitigations
N/A
Acknowledgments
Palo Alto Networks thanks Chen ChingRu for discovering and reporting the issue.