PAN-SA-2016-0026 GlobalProtect Portal Version Disclosure
Metric | Value |
---|---|
Attack Vector | Not applicable |
Scope | Not applicable |
Attack Complexity | Not applicable |
Confidentiality Impact | NONE |
Privileges Required | Not applicable |
Integrity Impact | NONE |
User Interaction | Not applicable |
Availability Impact | NONE |
Description
A Palo Alto Networks firewall configured to host the GlobalProtect Portal advertises its running PAN-OS version. (Ref # PAN-60568/99786)
This information disclosure does not lead to device compromise or disallowed access.
This issue affects PAN-OS 7.0.9 and earlier, and PAN-OS 7.1.4 and earlier.
Product Status
Versions | Affected | Unaffected |
---|---|---|
PAN-OS 7.1 | <= 7.1.4 | >= 7.1.5 |
PAN-OS 7.0 | <= 7.0.9 | >= 7.0.10 |
Severity: NONE
CVSSv3.1 Base Score: 0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
Weakness Type
Solution
This issue is fixed in PAN-OS 7.0.10 and later, and PAN-OS 7.1.5 and later.
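For triaging a firewall fleet against the Product Status table, the following added example (not part of the advisory or any Palo Alto Networks tooling) classifies PAN-OS version strings using numeric comparison, so that 7.0.10 correctly sorts after 7.0.9. The inventory hostnames and versions are constructed, and treating a hotfix build such as `7.0.9-h1` by its base maintenance release is an assumption.

```python
import re

# First fixed maintenance release per train, from the Product Status table.
FIRST_FIXED = {(7, 0): 10, (7, 1): 5}

# major.minor.maintenance with an optional hotfix suffix such as "-h2".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")


def classify(version):
    """Return 'affected', 'unaffected', 'not-listed' or 'unparseable'."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, maint = (int(g) for g in m.groups())
    fixed = FIRST_FIXED.get((major, minor))
    if fixed is None:
        # The advisory makes no statement about other release trains.
        return "not-listed"
    # Assumption: a hotfix build (e.g. 7.1.4-h2) is judged by its base
    # maintenance release, since the fix is stated to ship in 7.1.5 / 7.0.10.
    return "unaffected" if maint >= fixed else "affected"


def triage(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "gp-portal-01": "7.1.4",
    "gp-portal-02": "7.1.5",
    "gp-portal-03": "7.0.9-h1",
    "gp-portal-04": "7.0.10",
    "gp-portal-05": "6.1.12",
    "gp-portal-06": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {status}")
```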
Workarounds and Mitigations
The GlobalProtect Portal requires installation on only a single device of the entire security architecture. Customers concerned by this information disclosure can choose to disable the web interface portal in order to deflect attention away from the presence of GlobalProtect.
Acknowledgments
Mikail Tunç