This security bulletin contains one medium risk vulnerability.
CWE-16 - Configuration
Exploit availability: NoDescription
The vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to insecure configuration of the appweb daemon. A remote attacker can send a specifically crafted request to the device and crash the service.
Install updates from vendor's website.Vulnerable software versions
Palo Alto PAN-OS: 8.1 - 8.1.15, 8.0 - 8.0.21
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?