CVE-2012-6597
published 2013-08-31
CVE-2012-6597: Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by…
Priority P427 · medium · 6.3 · CVSS 2.0
AV:N/AC:M/Au:S/C:N/I:N/A:C
EPSS: 1.32% (67.4th percentile)
Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by using the command-line interface for a crafted command, aka Ref ID 35254.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | <= 3.1.10 | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
GHSA
GHSA-qmgw-9vx3-62cx: Palo Alto Networks PAN-OS before 3
ghsa_unreviewed·2022-05-13
CVE-2012-6597 [MEDIUM] CWE-20 GHSA-qmgw-9vx3-62cx: Palo Alto Networks PAN-OS before 3
Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by using the command-line interface for a crafted command, aka Ref ID 35254.
Palo Alto
Management Server DOS Vulnerability
vendor_paloalto·2012-04-27·CVSS 6.3
CVE-2012-6597 [MEDIUM] CWE-20 Management Server DOS Vulnerability
An issue exists whereby the management server of the device can be crashed when an authenticated user sends a specially crafted command via the command line interface. (Ref #35254)
This issue results in the unavailability of the management server of the device. The attacker must be an authenticated user of the device.
This issue affects PAN-OS 4.0.8 and earlier; PAN-OS 3.1.10 and earlier.
Affected products: PAN-OS
Solution: PAN-OS 4.0.9 and later; PAN-OS 3.1.11 and later.
Workaround: This issue affects the management interface of the device. Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2013-08-31