CVE-2016-3657
published 2016-04-12CVE-2016-3657: Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows…
PriorityP353critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
4.77%
90.8th percentile
Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code via an SSL VPN request.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | >= 5.0.0 < 5.0.18 | 5.0.18 |
| paloaltonetworks | pan-os | >= 5.1 < 5.1.11 | 5.1.11 |
| paloaltonetworks | pan-os | >= 6.0.0 < 6.0.13 | 6.0.13 |
| paloaltonetworks | pan-os | >= 6.1.0 < 6.1.10 | 6.1.10 |
| paloaltonetworks | pan-os | 7.0.0 – 7.0.5 | — |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Palo Alto
Unauthenticated Buffer Overflow in GlobalProtect/SSL VPN Web Interface
vendor_paloalto·2016-02-24·CVSS 9.8
CVE-2016-3657 [CRITICAL] CWE-119 Unauthenticated Buffer Overflow in GlobalProtect/SSL VPN Web Interface
Unauthenticated Buffer Overflow in GlobalProtect/SSL VPN Web Interface
When a PAN-OS device is configured as a GlobalProtect portal, a vulnerability exists where an improper handling of a buffer involved in the processing of SSL VPN requests can result in device crash and possible remote code execution. (Ref. #89752) (CVE-2016-3657)
An attacker with network access to the vulnerable GlobalProtect portal may be able to perform a denial-of-service (DoS) attack on the device, and may be able to perform remote code execution on the affected device.
This issue affects PAN-OS releases 5.0.17 and prior; 6.0.12 and prior; 6.1.9 and prior; 7.0.4 and prior
Affected products: PAN-OS
Solution: PAN-OS releases 5.0.18 and newer; 6.0.13 and newer; 6.1.10 and newer; 7.0.5 and newer
Workaround: Emergenc
GHSA
GHSA-pmhc-wcpm-7vcv: Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5
ghsa_unreviewed·2022-05-13
CVE-2016-3657 [CRITICAL] CWE-119 GHSA-pmhc-wcpm-7vcv: Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5
Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code via an SSL VPN request.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2016-04-12
Published