Local Privilege Escalation in Terminal Services Agent (PAN-SA-2017-0001)

Last revised: 01/26/2017

Summary

A local privilege escalation vulnerability exists Terminal Services Agent (ref # PAN-67756 / CVE-2017-5329).

Severity: Medium

Terminal Services Agent contains a vulnerability that may allow for an out of bounds write. Successful exploitation of this issue may allow an attacker to elevate their permissions.

Products Affected

Terminal Services Agent 6.0; Terminal Services Agent 7.0.6 and earlier

Available Updates

Terminal Services Agent 7.0.7 and later

Workarounds and Mitigations

N/A

Acknowledgements

Palo Alto Networks would like to thank Parvez Anwar from Verizon for reporting this issue to us.