CVE-2012-6597 — Improper Input Validation in Paloaltonetworks Pan-os

CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.3MEDIUMNVD

EPSS

0.4%

top 42.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Paloaltonetworks Pan-os Paloalto Pan-os

Timeline

PublishedAug 31

Latest updateMay 13

Description

Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by using the command-line interface for a crafted command, aka Ref ID 35254.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 6.8 | Impact: 6.9

Affected Packages2 packages

▶NVDpaloaltonetworks/pan-os3.1.10+10

▶Palo Altopaloalto/pan-os

🔴Vulnerability Details

GHSA

GHSA-qmgw-9vx3-62cx: Palo Alto Networks PAN-OS before 3↗2022-05-13

▶

CVEList

CVE-2012-6597: Palo Alto Networks PAN-OS before 3↗2013-08-31

▶

📋Vendor Advisories

Palo Alto

Management Server DOS Vulnerability↗2012-04-27

▶