CVE-2017-7945

The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
paloaltonetworkspan-os
𝑥
≤ 6.1.15
paloaltonetworkspan-os
7.0.0
paloaltonetworkspan-os
7.0.1
paloaltonetworkspan-os
7.0.2
paloaltonetworkspan-os
7.0.3
paloaltonetworkspan-os
7.0.4
paloaltonetworkspan-os
7.0.5
paloaltonetworkspan-os
7.0.5:h2
paloaltonetworkspan-os
7.0.6
paloaltonetworkspan-os
7.0.7
paloaltonetworkspan-os
7.0.8
paloaltonetworkspan-os
7.0.9
paloaltonetworkspan-os
7.0.10
paloaltonetworkspan-os
7.0.11
paloaltonetworkspan-os
7.0.12
paloaltonetworkspan-os
7.0.13
paloaltonetworkspan-os
7.0.14
paloaltonetworkspan-os
7.1.0
paloaltonetworkspan-os
7.1.1
paloaltonetworkspan-os
7.1.2
paloaltonetworkspan-os
7.1.3
paloaltonetworkspan-os
7.1.4
paloaltonetworkspan-os
7.1.4:h2
paloaltonetworkspan-os
7.1.5
paloaltonetworkspan-os
7.1.6
paloaltonetworkspan-os
7.1.7
paloaltonetworkspan-os
7.1.8
paloaltonetworkspan-os
8.0.0
paloaltonetworkspan-os
8.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.paloaltonetworks.com/CVE-2017-7945
https://security.paloaltonetworks.com/CVE-2017-7945