CVE-2018-10140Improper Input Validation in Palo Alto Networks Pan-os

CWE-20Improper Input Validation3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.7%
top 28.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Paloaltonetworks Pan-osPalo Alto Networks Pan-osPaloalto Pan-os
Timeline
PublishedAug 16
Latest updateMay 13

Description

The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDpaloaltonetworks/pan-os8.1.08.1.2
CVEListV5palo_alto_networks/pan-os8.1.2 and earlier
Palo Altopaloalto/pan-os

🔴Vulnerability Details

1
GHSA
GHSA-f974-9pxv-hmpx: The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 82022-05-13

📋Vendor Advisories

1
Palo Alto
Denial of Service in PAN-OS Management Web Interface2018-08-15