CVE-2016-9150
Published 2016-11-19
Priority P274 · critical · 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 34.78% (98.2th percentile)
Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via unspecified vectors.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | >= 5.0.0 < 5.0.20 | 5.0.20 |
| paloaltonetworks | pan-os | >= 5.1 < 5.1.13 | 5.1.13 |
| paloaltonetworks | pan-os | >= 6.0.0 < 6.0.15 | 6.0.15 |
| paloaltonetworks | pan-os | >= 6.1.0 < 6.1.15 | 6.1.15 |
| paloaltonetworks | pan-os | >= 7.0.0 < 7.0.11 | 7.0.11 |
| paloaltonetworks | pan-os | >= 7.1.0 < 7.1.6 | 7.1.6 |
Detection & IOCs
- Monitor HTTP requests to the unauthenticated endpoint /unauth/php/errorPage.php with a 'code' parameter containing floating-point/scientific notation values (e.g., 1e16) which trigger the mprItoa() buffer overflow in appweb3.
- Alert on heap corruption or double-free crash signals from the appweb3 process (/usr/local/bin/appweb3 or libappweb3.so.1), which indicate exploitation attempts against the management web interface.
- The vulnerability is exploitable without authentication; restrict management web interface access to dedicated management networks and limit source IPs to authorized hosts to reduce attack surface.
- The vulnerable endpoint /unauth/php/errorPage.php is accessible without authentication on default PAN-OS installations, meaning no credentials are required to trigger the overflow.
- PAN-OS ships with an EOL (end-of-life since 2012) version of the appweb3 embedded web server, meaning the underlying vulnerable component (mprItoa in libappweb3.so.1) receives no upstream security updates; patching PAN-OS itself is the only remediation path.
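One way to implement the first monitoring item above, as an added example (not code from the vendor or any listed source): it scans access-log lines for requests to /unauth/php/errorPage.php whose 'code' parameter is not a plain integer. The Common Log Format, the sample lines, and the rule that legitimate 'code' values are short integers are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/unauth/php/errorPage.php"   # path named in the detection notes
PLAIN_INT = re.compile(r"[+-]?\d{1,9}")  # assumption: legitimate 'code' values are short integers
REQUEST = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (assumed Common Log Format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Nov/2016:10:00:01 +0000] "GET /unauth/php/errorPage.php?code=404 HTTP/1.1" 200 512',
    '198.51.100.7 - - [19/Nov/2016:10:00:05 +0000] "GET /unauth/php/errorPage.php?code=1e16 HTTP/1.1" 200 0',
    # same value with the 'e' percent-encoded; must still be flagged after decoding
    '198.51.100.7 - - [19/Nov/2016:10:00:06 +0000] "GET /unauth/php/errorPage.php?code=1%6516 HTTP/1.1" 200 0',
    # scientific notation on a different path is outside this rule
    '203.0.113.5 - - [19/Nov/2016:10:00:09 +0000] "GET /php/login.php?code=1e16 HTTP/1.1" 200 900',
]


def flag_line(line):
    """Return (source_ip, code_value) when a request to ENDPOINT carries a
    'code' value that is not a plain integer; otherwise return None."""
    m = REQUEST.match(line)
    if m is None:
        return None  # not a parsable request line
    url = urlsplit(m["target"])
    if unquote(url.path) != ENDPOINT:
        return None
    # parse_qs percent-decodes values, so encoded forms are compared decoded.
    for value in parse_qs(url.query).get("code", []):
        if not PLAIN_INT.fullmatch(value):
            return m["src"], value
    return None


def scan(lines):
    """Return every (source_ip, code_value) hit, in log order."""
    return [hit for hit in map(flag_line, lines) if hit is not None]


if __name__ == "__main__":
    for src, value in scan(SAMPLE_LOG):
        print(f"ALERT src={src} endpoint={ENDPOINT} code={value!r}")
```

Because the rule flags anything that is not a short integer rather than matching scientific notation only, it also catches decimal and over-long numeric values sent to the same endpoint.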
CVSS provenance
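| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |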
GHSA
GHSA-74mq-8qhr-9592: Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5
ghsa_unreviewed · 2022-05-13
CVE-2016-9150 [CRITICAL] CWE-119
Palo Alto
Buffer Overflow in the Management Web Interface
vendor_paloalto · 2016-11-17 · CVSS 9.8
CVE-2016-9150 [CRITICAL] CWE-119
Palo Alto Networks web management server improperly handles a buffer overflow. This can result in a possible remote code execution (RCE). (Ref # PAN-63073/102953/CVE-2016-9150)
An attacker with network access to the management web interface may be able to perform a remote code execution (RCE) or denial-of-service (DoS).
This issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier.
Affected products: PAN-OS
Solution: PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.6 and later
Workaround: Palo Alto Networks recommends to implement best pra
- http://www.securityfocus.com/bid/94399
- http://www.securitytracker.com/id/1037382
- https://security.paloaltonetworks.com/CVE-2016-9150
- https://www.exploit-db.com/exploits/40790/