Main Vulnerability Database Vulnerabilities #VU7588

Improper input validation in Palo Alto PAN-OS - CVE-2017-8390

Published: July 21, 2017 / Updated: July 25, 2017

Vulnerability identifier: #VU7588

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-8390

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Palo Alto Networks, Inc.

Affected software:
Palo Alto PAN-OS

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an unspecified error when processing fully qualified domain name (FQDN) in the DNS Proxy . A remote attacker can send send a specially crafted DNS request to the DNS Proxy and execute arbitrary code on vulnerable device.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable device.

How to mitigate CVE-2017-8390

Update to version 6.1.18, 7.0.16, 7.1.10 or 8.0.3.

Sources

http://securityadvisories.paloaltonetworks.com/Home/Detail/91

Improper input validation in Palo Alto PAN-OS - CVE-2017-8390

Detailed vulnerability description

How to mitigate CVE-2017-8390

Sources

Please verify you're human