Palo Alto Networks PAN-OS 7.0.x < 7.0.12 Multiple Vulnerabilities

high Nessus Plugin ID 95925

Synopsis

The remote host is affected by multiple denial of service vulnerabilities.

Description

The version of Palo Alto Networks PAN-OS running on the remote host is 7.0.x prior to 7.0.12. It is, therefore, affected by multiple vulnerabilities :

- A denial of service vulnerability exists when processing IPv6 traffic matching a predict session. An unauthenticated, remote attacker can exploit this to cause the dataplane to restart.

- A denial of service vulnerability exists under the HA active-active configuration when handling out-of-order jumbo packets. An unauthenticated, remote attacker can exploit this to cause a failover to occur.

- A denial of service vulnerability exists when processing packets that have an incorrectly set IPv4 Reserved flag.
An unauthenticated, remote attacker can exploit this to cause the dataplane to restart.

Solution

Upgrade to Palo Alto Networks PAN-OS version 7.0.12 or later.

See Also

http://www.nessus.org/u?43ffd409

Plugin Details

Severity: High

ID: 95925

File Name: palo_alto_pan-os_7_0_12.nasl

Version: 1.5

Type: combined

Published: 12/19/2016

Updated: 1/2/2019

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/o:paloaltonetworks:pan-os

Required KB Items: Host/Palo_Alto/Firewall/Version, Host/Palo_Alto/Firewall/Full_Version

Patch Publication Date: 12/8/2016

Vulnerability Publication Date: 12/8/2016