Palo Alto Networks Security Advisories / PAN-SA-2016-0026

PAN-SA-2016-0026 GlobalProtect Portal Version Disclosure

Severity 0 · NONE
Attack Vector NETWORK
Attack Complexity LOW
Privileges Required NONE
User Interaction NONE
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact NONE


A Palo Alto Networks firewall configured to host the GlobalProtect Portal advertises its running PAN-OS version. (Ref # PAN-60568/99786)

This information disclosure does not lead to a device compromise or a disallowed access.

This issue affects PAN-OS 7.0.9 and earlier; PAN-OS 7.1.4 and earlier

Product Status

PAN-OS 7.1<= 7.1.4>= 7.1.5
PAN-OS 7.0<= 7.0.9>= 7.0.10

Severity: NONE

CVSSv3.1 Base Score: 0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)

Weakness Type


PAN-OS 7.0.10 and later; PAN-OS 7.1.5 and later

Workarounds and Mitigations

The GlobalProtect Portal requires installation on only a single device of the entire security architecture. Customers concerned by this information disclosure can choose to disable the web interface portal in order to deflect attention away from the presence of GlobalProtect.


Mikail Tunç
© 2020 Palo Alto Networks, Inc. All rights reserved.