Denial of Service Against GlobalProtect (PAN-SA-2017-0025)

Last revised: 12/15/2017

Summary

A vulnerability exists in PAN-OS that could lead to denying access to GlobalProtect portal, GlobalProtect gateway or preventing configuration commits. (Ref # PAN-78127 / CVE-2017-15942)

Severity: High

PAN-OS contains a vulnerability in GlobalProtect that may allow a non-authenticated third party to mount a Denial of Service attack against the GlobalProtect portal, GlobalProtect gateway or preventing configuration commits. This vulnerability is only available when the GlobalProtect gateway or portal is running.

Products Affected

PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, PAN-OS 7.1.12 and earlier, PAN-OS 8.0.5 and earlier

Available Updates

PAN-OS 6.1.19 and later, PAN-OS 7.0.19 and later, PAN-OS 7.1.13 and later, PAN-OS 8.0.6 and later

Workarounds and Mitigations

This vulnerability is only available when the GlobalProtect gateway or portal is running.

Acknowledgements

Palo Alto Networks would like to thank Craig Stephen from Net Consulting for reporting this issue to us