Palo Alto Networks Security Advisories / CVE-2016-4971

CVE-2016-4971 WGET Vulnerability

047910
Severity 8.8 · HIGH
Attack Vector NETWORK
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact HIGH
Privileges Required NONE
Integrity Impact HIGH
User Interaction REQUIRED
Availability Impact HIGH
NVD JSON
Published 2017-05-23
Updated
Reference PAN-59677 and 2016-4971 PAN-SA-2017-0016

Description

The wget library has been found to contain a vulnerability (CVE 2016-4971). wget allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. Palo Alto Networks software makes use of the vulnerable library and may be affected. (Ref # PAN-59677/ CVE 2016-4971)

Successfully exploiting this issue would require an attacker to be authenticated on the Management Interface.

This issue affects PAN-OS 6.1.16 and earlier, PAN-OS 7.0.14 and earlier, PAN-OS 7.1.9 and earlier, PAN-OS 8.0

Product Status

VersionsAffectedUnaffected
PAN-OS 8.0None>= 8.0.1
PAN-OS 7.1<= 7.1.9>= 7.1.10
PAN-OS 7.0<= 7.0.14>= 7.0.15
PAN-OS 6.1<= 6.1.16>= 6.1.17

Severity: HIGH

CVSSv3.0 Base Score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Weakness Type

CWE-254

Solution

PAN-OS 6.1.17 and later, PAN-OS 7.0.15 and later, PAN-OS 7.1.10 and later, PAN-OS 8.0.1 and later

Workarounds and Mitigations

Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.

Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2024 Palo Alto Networks, Inc. All rights reserved.