CVE-2017-7217
published 2017-04-14
CVE-2017-7217: The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified…
Priority P4 · 23 · medium · 4.3 · CVSS 3.0
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 1.06% (60.5th percentile)
The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | <= 7.0.13 | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
CVSS provenance
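| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |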
Palo Alto
Tampering of temporary export files in the Management Web Interface
vendor_paloalto·2017-04-10·CVSS 4.3
CVE-2017-7217 [MEDIUM] CWE-20 Tampering of temporary export files in the Management Web Interface
A vulnerability exists in the Management Web Interface that could allow an attacker to tamper with export files. The Management Web Interface does not properly validate specific request parameters which can potentially allow arbitrary data to be written to export files. (Ref # PAN-70436 / CVE-2017-7217)
Successfully exploiting this issue would require an attacker to be authenticated. Tampering of files is limited to temporary files used for exporting.
This issue affects PAN-OS 7.0.13 and earlier, PAN-OS 7.1.8 and earlier.
Affected products: PAN-OS
Solution: PAN-OS 7.0.14 and later, PAN-OS 7.1.9 and later
Workaround: Palo Alto Networks recommends to implement best practice by allowing web interface access only to a dedic
GHSA
GHSA-j9h5-mwww-3q8c: The Management Web Interface in Palo Alto Networks PAN-OS before 7
ghsa_unreviewed·2022-05-17
CVE-2017-7217 [MEDIUM] CWE-20 GHSA-j9h5-mwww-3q8c: The Management Web Interface in Palo Alto Networks PAN-OS before 7
The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2017-04-14