Operating System:

[Appliance]

Published:

20 August 2018

Protect yourself against future threats.

//Service

Malicious URL Feed

Add this Australian-based feed to your firewall blacklist and SIEM to prevent compromises to your network.

Read more
Resources > Security Bulletins > ASB-2018.0200 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0200
   PAN-SA-2018-0010 Denial of Service in PAN-OS Management Web Interface
                              20 August 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Palo Alto PAN-OS
Operating System:     Network Appliance
                      PAN-OS
Impact/Access:        Denial of Service -- Existing Account
Resolution:           Patch/Upgrade
Member content until: Wednesday, September 19 2018

OVERVIEW

        Palo Alto Networks has addressed a denial of service vulnerability in 
        PAN-OS version 8.1.2 and earlier. [1]


IMPACT

        The vendor provided the following detail on the vulnerability:
        
        "A Denial of Service exists in PAN-OS Management Web Interface that
        allows an authenticated user to shut down all management sessions, 
        resulting in all logged in users to be redirected to the login 
        page." [1]


MITIGATION

        The vendor recommends updating to PAN-OS 8.1.3 and later. [1]


REFERENCES

        [1] PAN-SA-2018-0010 Denial of Service in PAN-OS Management Web
            Interface
            https://securityadvisories.paloaltonetworks.com/Home/Detail/129

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW3o0BGaOgq3Tt24GAQgtmg//aKfg7ILu6GS1NBZ6RGLg5YWNBq5Wnit7
1F3A8NqEUOxTTK57sPVL7CpOGAN6tnSEO26f9YJZ6rrxl2npuInKs9PNsGy4wJx0
8N57mKT3nGJPvpALnKu6jqykTIU0tp+PURNnEuusWQzibB4uSEd2aZ7Nj+sKJUgY
YQ9BlJXkegYGbgSbYxpPL3B96iHyCgTAbwbmQJqfk3oI0/CgVVP99KZpikNEBoxI
kqTADjHPQpOkm3kdHgNKds7RsRT85V79PemnZ5o6cY/bt7v8m0nQOqzNH/WDg9Tx
C4AqVMuB8e4YnfxdcuJbu9XGbLZMPD7Y/m2/IyekUrkBsRdMVdYTrwA8OHzLrhW1
kx49mgK7JsgfbgR0kjCi4lIRJ4KI4k5FtMsjhnUb+dYFJemc+ETpM2JiXPMAgeNK
A20Rth4rq9oUP8NzBTs/CVHCVo7eEn2VxdVFVQrv9iVEX0NVoRdAqlmB9hPGaoJD
lQK4TRpKnLuzwByJJWcfSgD0K5iEYTxcszI/HIPkkm5f23n138H4EvOsTLwJN3/9
rT8xVj4/sAJgxReykyBDjjoV3eRFVPhkyfJJCdgXxr6uhTY7rij7G7mzcfU5O5CB
eqg/oA35bUIUZFz6SKFoXID+2m5CekU56zPahfOhsPCqWrfypJIzo3pXoI3gedqN
2Rn1UpxXnE4=
=fg75
-----END PGP SIGNATURE-----