CVE-2017-8390Improper Input Validation in Paloaltonetworks Pan-os

CWE-20Improper Input Validation4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
11.4%
top 6.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Paloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedAug 2
Latest updateMay 13

Description

The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-j73g-qx54-ph6j: The DNS Proxy in Palo Alto Networks PAN-OS before 62022-05-13
CVEList
CVE-2017-8390: The DNS Proxy in Palo Alto Networks PAN-OS before 62017-08-02

📋Vendor Advisories

1
Palo Alto
Vulnerability in the PAN-OS DNS Proxy2017-07-20
CVE-2017-8390 — Improper Input Validation | cvebase