PAN-SA-2016-0022 Remote Text File Access on Traps Endpoint Server Management
Attack Vector: NETWORK
Scope: UNCHANGED
Attack Complexity: LOW
Confidentiality Impact: HIGH
Privileges Required: NONE
Integrity Impact: NONE
User Interaction: NONE
Availability Impact: NONE
Description
The Traps ESM Server license mechanism allows for remote license validation. The unintended ability to download text files using this subsystem was recently identified. (Ref # CYV-8717).
This vulnerability can be used to remotely retrieve text files stored on the Traps ESM.
This issue affects Traps ESM Core version 3.3.3 and earlier.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Traps ESM Core 3.3 | <= 3.3.3 | >= 3.3.4 |
Severity: HIGH
CVSSv3.1 Base Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Weakness Type
Solution
Traps ESM Core version 3.3.4 and later
Workarounds and Mitigations
N/A
Acknowledgments
Chen ChingRu