CVE-2017-15943

The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
paloaltonetworkspan-os
𝑥
< 6.1.19
paloaltonetworkspan-os
7.0.0 ≤
𝑥
< 7.0.19
paloaltonetworkspan-os
7.1.0 ≤
𝑥
< 7.1.14
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102074
http://www.securitytracker.com/id/1040005
https://security.paloaltonetworks.com/CVE-2017-15943
http://www.securityfocus.com/bid/102074
http://www.securitytracker.com/id/1040005
https://security.paloaltonetworks.com/CVE-2017-15943