CVE-2017-7218
Published 2017-04-14
CVE-2017-7218: The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters.
Priority: P3 · 39 · high · 7.8 (CVSS 3.0)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.54% (41.5th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | <= 7.1.8 | — |
CVSS provenance
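| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |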
GHSA
GHSA-3fpm-hgm9-6v2c: The Management Web Interface in Palo Alto Networks PAN-OS before 7
ghsa_unreviewed·2022-05-13
CVE-2017-7218 [HIGH] CWE-20 GHSA-3fpm-hgm9-6v2c: The Management Web Interface in Palo Alto Networks PAN-OS before 7
The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters.
Palo Alto
Local Privilege Escalation in the Management Web Interface
vendor_paloalto·2017-04-10·CVSS 7.8
CVE-2017-7218 [HIGH] CWE-20 Local Privilege Escalation in the Management Web Interface
A vulnerability exists in the Management Web Interface that could allow for local privilege escalation. The Management Web Interface does not properly validate specific request parameters which can potentially allow executing code with higher privileges. (Ref # PAN-70426 / CVE-2017-7218)
Successfully exploiting this issue would require an attacker to be authenticated.
This issue affects PAN-OS 7.1.8 and earlier.
Affected products: PAN-OS
Solution: PAN-OS 7.1.9 and later
Workaround: Palo Alto Networks recommends implementing best practice by allowing web interface access only to a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the manag
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2017-04-14
Published