Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-9150: Improper Restriction of Operations within the Bounds of a Memory Buffer in Palo Alto Networks PAN-OS

Severity: 9.8 CRITICAL (NVD)
EPSS: 62.8% (top 1.61%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Nov 19 | Latest update May 13

Description

Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD: paloaltonetworks/pan-os | 5.0.0 | 5.0.20 | +5
Palo Alto: paloalto/pan-os

🔴 Vulnerability Details (2)

GHSA: GHSA-74mq-8qhr-9592: Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5 | 2022-05-13
CVEList: CVE-2016-9150: Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5 | 2016-11-19

💥 Exploits & PoCs (1)

Exploit-DB: Palo Alto Networks PanOS - appweb3 Stack Buffer Overflow | 2016-11-18

📋 Vendor Advisories (1)

Palo Alto: Buffer Overflow in the Management Web Interface | 2016-11-17