Palo Alto Networks Security Advisories / PAN-SA-2016-0024

PAN-SA-2016-0024 Web interface denial of service


047910
Severity 5.3 · MEDIUM
Attack Vector NETWORK
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact NONE
Privileges Required NONE
Integrity Impact NONE
User Interaction NONE
Availability Impact LOW
JSON CSAF
Published 2016-09-08
Updated 2016-09-08
Reference 89984, PAN-SA-2016-0024

Description

Palo Alto Networks firewalls offer a web interface to manage all aspects of the device. A denial of service condition was identified in this process (Ref # 89984).

A third party could remotely disrupt the web management process and cause a management delay before the device resumes normal management operations.

This issue affects PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.8 and earlier; PAN-OS 7.1.2 and earlier

Product Status

VersionsAffectedUnaffected
PAN-OS 7.1<= 7.1.2>= 7.1.3
PAN-OS 7.0<= 7.0.8>= 7.0.9
PAN-OS 6.1<= 6.1.12>= 6.1.13
PAN-OS 6.0<= 6.0.13>= 6.0.14
PAN-OS 5.1<= 5.1.11>= 5.1.12

Severity: MEDIUM

CVSSv3.1 Base Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Solution

PAN-OS 5.1.12 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.13 and later; PAN-OS 7.0.9 and later; PAN-OS 7.1.3 and later

Workarounds and Mitigations

Palo Alto Networks recommends implementing a best practice of allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.

Acknowledgments

Palo Alto Networks thanks Itzik Chen for discovering and reporting the issue."
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2025 Palo Alto Networks, Inc. All rights reserved.