Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2016.0076 Multiple vulnerablities have been identified in PAN-OS 20 July 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Palo Alto Networks firewalls Operating System: PAN-OS Network Appliance Impact/Access: Increased Privileges -- Existing Account Cross-site Scripting -- Remote with User Interaction Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2016-1712 Member content until: Friday, August 19 2016 OVERVIEW Multiple vulnerablities have been identified in PAN-OS prior to versions 5.0.19, 5.1.12, 6.0.14, 6.1.12, 7.0.8. [1 - 5] IMPACT The vendor has provided the following details regarding the issues: Palo Alto Networks firewalls do not properly sanitize the root_reboot local invocation which can potentially allow executing code with higher privileges (Ref. 92293) (CVE-2016-1712).[1] You can configure Palo Alto Networks firewalls to host a web-based Captive Portal to authenticate users. A denial of service condition was identified in this subsystem (Ref. 92413). [2] Palo Alto Networks firewalls running the PAN-OS web interface are subject to a cross-site scripting vulnerability (Ref. 93072). [3] Palo Alto Networks firewalls use the cron infrastructure to perform household system cleanup at regular intervals. Due to an error in user input normalization, a file locally created by an end user and placed in a specific directory could be executed in a higher privilege context (Ref. 93612). [4] Palo Alto Networks firewall administrators have the ability to assign predefined permissions to users created on PAN-OS. A read-only user with CLI access could elevate web interface privileges. (Ref. 88191) [5] MITIGATION The vendor recommends updating to version PAN-OS releases 5.0.19, 5.1.12, 6.0.14, 6.1.12, 7.0.8 to correct the issues. [1 - 5] REFERENCES [1] Local privilege escalation (PAN-SA-2016-0012) https://securityadvisories.paloaltonetworks.com/Home/Detail/45 [2] Captive Portal denial of service (PAN-SA-2016-0013) https://securityadvisories.paloaltonetworks.com/Home/Detail/46 [3] Cross-site scripting issue in policy (PAN-SA-2016-0014) https://securityadvisories.paloaltonetworks.com/Home/Detail/47 [4] Cron local privilege escalation (PAN-SA-2016-0015) https://securityadvisories.paloaltonetworks.com/Home/Detail/48 [5] Web interface privilege escalation (PAN-SA-2016-0016) https://securityadvisories.paloaltonetworks.com/Home/Detail/49 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBV48Nl4x+lLeg9Ub1AQjtKQ/+Ihr7eDHlxDCuBdDKtlRBmhEJDGVyuQsj FFfL7pbLM5mHz/DFHSb3GDPulnBAGJ43GZqJElu2miDadP89TrNZOgG53DlqNIPk eRWQlLE7H7KTUtgYeClKpwYk6HoKTI/Myjw3GRi+AQjURDA9ciKHWtJYwjV5jBXK RMamiwzXfPC+CfBHXF8qTcHk4SICaYmEBOYLNu1uOme/lvk5h4SVlkhvCICwS2qA KbnnGBib1LSo8s9hGdRTLrLkf/fBVZoxLVfucTBSOLkzGBr7JpfO7lIx+cn8y1rZ i6U6Xa3+Js8tGvjnMLSA18L8d+SltCDWBJKEWdBgvB7tCYDeWRTAeIfAseUgzHXx rOZ/caQZxo/gvEereIsrPwQR65SRn6hzF4cBq9Lcdmh461tEP5O2RVaRFNSvG0aS F5lgD2Ym1eAM9+hzeNT03WisOzUM/x04OHOmYik0neof0o03qVl8LgHrccwr7ilJ vi0+91PYax3Kkve5N1NDX1qKpJbRvXWwNjKB2N6DNhvFgv+mZCkorjjCuSXGEjPU lylLYcFFP1T3YDAQkovqy4TcSs+hBLzivVL+g0On7d1nZA4rJgcvRTgAdv6r5CAu uc4OjJVzG/eh3UlYcJS5QC/BVjmISq1cZkR2ZjC60NlcVeV5iYcMNsl0yppusIkT sHgUiHAkWkk= =p/0D -----END PGP SIGNATURE-----