CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
83.0%
Palo Alto Networks makes use of a 3rd-party component impacted by CVE-2018-8715. This issue has been confirmed to present a risk for denial of service to the PAN-OS Management Web Interface. (Ref # PAN-93089, CVE-2018-8715)
A specially crafted HTTP POST request with an invalid “If-modified" header field may cause a NULL dereference and cause a denial of service condition. This vulnerability can be triggered without login or authentication and could result in a crash of the management service.
This issue affects PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.0. Global Protect is NOT affected.
Work around:
This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the management interface of PAN-OS. Our best practices guidelines reduce the exposure of the management interface to potential attackers. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation, available at: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/best-practices-for-securing-administrative-access.
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
83.0%