Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.PALO_ALTO_PAN-SA-2019-0007.NASL
HistoryApr 02, 2019 - 12:00 a.m.

Palo Alto Networks < 7.1.23 / 8.0.x < 8.0.16 / 8.1.x < 8.1.7 Denial of Service vulnerability (PAN-SA-2019-0007)

2019-04-0200:00:00
This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.004 Low

EPSS

Percentile

74.5%

JSON

The version of Palo Alto Networks PAN-OS running on the remote host is prior to 7.1.23 or 8.0.x prior to 8.0.16 or 8.1.x prior to 8.1.7.
It is, therefore, affected by a denial of service (DoS) vulnerability in its SNMP library component. An authenticated, remote attacker could exploit this issue to cause the system to stop responding.(CVE-2018-18065

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(123557);
  script_version("1.3");
  script_cvs_date("Date: 2020/02/18");

  script_cve_id("CVE-2018-18065");
  script_bugtraq_id(106265);

  script_name(english:"Palo Alto Networks  < 7.1.23 / 8.0.x < 8.0.16 / 8.1.x < 8.1.7 Denial of Service vulnerability (PAN-SA-2019-0007)");
  script_summary(english:"Checks the PAN-OS version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a Denial of Service (DoS) vulnerability.");
  script_set_attribute(attribute:"description",value:
"The version of Palo Alto Networks PAN-OS running on the remote host
is prior to 7.1.23 or 8.0.x prior to 8.0.16 or 8.1.x prior to 8.1.7.
It is, therefore, affected by a denial of service (DoS) vulnerability 
in its SNMP library component. An authenticated, remote attacker could
exploit this issue to cause the system to stop responding.(CVE-2018-18065");
  #https://securityadvisories.paloaltonetworks.com/Home/Detail/144
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?385b26fd");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Palo Alto Networks PAN-OS version 7.1.23 / 8.0.16 / 8.1.7 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-18065");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/02");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:paloaltonetworks:pan-os");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Palo Alto Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("palo_alto_version.nbin");
  script_require_keys("Host/Palo_Alto/Firewall/Full_Version");

  exit(0);
}

include('vcf.inc');
include('http_func.inc');

app_name = 'Palo Alto Networks PAN-OS';
port = get_http_port(default:443);

app_info = vcf::get_app_info(app:app_name, kb_ver:'Host/Palo_Alto/Firewall/Full_Version', port:port, webapp:true);

vcf::check_granularity(app_info:app_info, sig_segments:2);

constraints = [
  { 'fixed_version' : '7.1.23' },
  { 'min_version' : '8.0', 'fixed_version' : '8.0.16' },
  { 'min_version' : '8.1', 'fixed_version' : '8.1.7' }
];
 
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
paloaltonetworkspan-oscpe:/o:paloaltonetworks:pan-os

Related

openvas 14
nessus 15
redhatcve 1
ubuntucve 1
cve 1
osv 3
cvelist 1
paloalto 1
debian 2
nvd 1
prion 1
veracode 1
ubuntu 3
suse 3
debiancve 1
ics 1
fedora 1
archlinux 1
ibm 3
photon 4
rosalinux 1
oracle 1
openvas
openvas
Debian: Security Advisory (DSA-4314-1)
2018-10-10 00:00:00
Ubuntu: Security Advisory (USN-3792-1)
2018-10-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:3319-1)
2021-04-19 00:00:00
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Net-SNMP vulnerability (USN-3792-1)
2018-10-16 00:00:00
Fedora 29 : 1:net-snmp (2018-042156f164)
2019-01-03 00:00:00
Debian DSA-4314-1 : net-snmp - security update
2018-10-12 00:00:00
redhatcve
redhatcve
CVE-2018-18065
2018-10-09 14:20:23
ubuntucve
ubuntucve
CVE-2018-18065
2018-10-08 00:00:00
cve
cve
CVE-2018-18065
2018-10-08 18:29:00
osv
osv
net-snmp - security update
2018-10-09 00:00:00
net-snmp - security update
2018-10-11 00:00:00
CVE-2018-18065
2018-10-08 18:29:00
cvelist
cvelist
CVE-2018-18065
2018-10-08 18:00:00
paloalto
paloalto
Denial of Service in PAN-OS Management Interface
2019-03-20 21:20:00
debian
debian
[SECURITY] [DSA 4314-1] net-snmp security update
2018-10-11 19:40:56
[SECURITY] [DSA 4314-1] net-snmp security update
2018-10-11 19:40:56
nvd
nvd
CVE-2018-18065
2018-10-08 18:29:00
prion
prion
Null pointer dereference
2018-10-08 18:29:00
veracode
veracode
Denial Of Service (DoS)
2018-10-09 06:23:50
ubuntu
ubuntu
Net-SNMP vulnerability
2018-10-15 00:00:00
Net-SNMP vulnerability
2018-10-22 00:00:00
Net-SNMP vulnerability
2018-10-16 00:00:00
suse
suse
Security update for net-snmp (important)
2018-10-27 00:17:44
Security update for net-snmp (important)
2018-10-24 15:16:26
Security update for opera (important)
2022-02-25 00:00:00
debiancve
debiancve
CVE-2018-18065
2018-10-08 18:29:00
ics
ics
Siemens Industrial Products SNMP (Update F)
2022-04-14 12:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: net-snmp-5.8-3.fc29
2018-12-02 08:28:31
archlinux
archlinux
[ASA-201810-11] net-snmp: multiple issues
2018-10-17 00:00:00
ibm
ibm
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private MongoDB
2019-03-07 20:15:02
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Logging
2019-03-07 20:10:01
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-s, 1801-t and 1801-u
2018-12-05 22:20:01
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0118
2019-01-07 00:00:00
Important Photon OS Security Update - PHSA-2019-0118
2019-01-07 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0203
2019-01-18 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1929
2021-07-02 17:32:57
oracle
oracle
Oracle Critical Patch Update Advisory - October 2019
2020-01-22 00:00:00

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.004 Low

EPSS

Percentile

74.5%

JSON
Related for PALO_ALTO_PAN-SA-2019-0007.NASL
openvas14nessus15redhatcve1ubuntucve1cve1osv3cvelist1paloalto1debian2nvd1prion1veracode1ubuntu3suse3debiancve1ics1fedora1archlinux1ibm3photon4rosalinux1oracle1