Information disclosure in Palo Alto PAN-OS - #VU781
Published: October 6, 2016 / Updated: October 6, 2016
Vulnerability identifier: #VU781
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Palo Alto Networks, Inc.
Affected software:
Palo Alto PAN-OS
Palo Alto PAN-OS
Detailed vulnerability description
The vulnerability allows a remote user to obtain potentially sensitive data on the target system.
The weakness is caused by improper access control. Connecting to the GlobalProtect Portal web interface attackers can determine the PAN-OS version number.
Successful exploitation of the vulnerability may result in disclosure of system information on the vulnerable system.
The weakness is caused by improper access control. Connecting to the GlobalProtect Portal web interface attackers can determine the PAN-OS version number.
Successful exploitation of the vulnerability may result in disclosure of system information on the vulnerable system.
Remediation
Update to version 7.0.10 or 7.1.5.