Palo Alto Networks firewalls offer a web interface to manage all aspects of the device. A denial of service condition was identified in this process (Ref # 89984).
A third party could remotely disrupt the web management process and cause a management delay before the device resumes normal management operations.
This issue affects PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.8 and earlier; PAN-OS 7.1.2 and earlier
|PAN-OS 7.1||<= 7.1.2||>= 7.1.3|
|PAN-OS 7.0||<= 7.0.8||>= 7.0.9|
|PAN-OS 6.1||<= 6.1.12||>= 6.1.13|
|PAN-OS 6.0||<= 6.0.13||>= 6.0.14|
|PAN-OS 5.1||<= 5.1.11||>= 5.1.12|
CVSSv3.1 Base Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
PAN-OS 5.1.12 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.13 and later; PAN-OS 7.0.9 and later; PAN-OS 7.1.3 and later
Palo Alto Networks recommends implementing a best practice of allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.