Palo Alto Networks Security Advisories / CVE-2014-9708

CVE-2014-9708 Web interface denial of service

047910
Severity 5.3 · MEDIUM
Attack Vector NETWORK
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact NONE
Privileges Required NONE
Integrity Impact NONE
User Interaction NONE
Availability Impact LOW
NVD JSON
Published 2016-10-11
Updated
Reference PAN-64917 and 105311 PAN-SA-2016-0027

Description

Palo Alto Networks web management server is vulnerable to a denial-of-service attack. (Ref # PAN-64917/105311) (CVE-2014-9708)

This pre-authenticated denial-of-service attack could disrupt the web management interface.

This issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier

Product Status

VersionsAffectedUnaffected
PAN-OS 7.1<= 7.1.5>= 7.1.6
PAN-OS 7.0<= 7.0.10>= 7.0.11
PAN-OS 6.1<= 6.1.14>= 6.1.15
PAN-OS 6.0<= 6.0.14>= 6.0.15
PAN-OS 5.1<= 5.1.12>= 5.1.13
PAN-OS 5.0<= 5.0.19>= 5.0.20

Severity: MEDIUM

CVSSv3.1 Base Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Weakness Type

Solution

PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.6 and later

Workarounds and Mitigations

Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.

Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2024 Palo Alto Networks, Inc. All rights reserved.