// For flags

CVE-2017-15943

 

Severity Score

5.3
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities.

La importación de archivos de configuración para las funcionalidades de objetos de aplicaciones, spyware y vulnerabilidades en la interfaz web en Palo Alto Networks PAN-OS en versiones anteriores a la 6.1.19; versiones 7.0.x anteriores a la 7.0.19 y versiones 7.1.x anteriores a la 7.1.14 permite que atacantes remotos lleven a cabo ataques de SSRF (Server-Side Request Forgery) y, consecuentemente, obtengan información sensible mediante vectores relacionados con el análisis sintáctico de entidades externas.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-10-27 CVE Reserved
  • 2017-12-11 CVE Published
  • 2023-06-13 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (3)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Paloaltonetworks
Search vendor "Paloaltonetworks"
Pan-os
Search vendor "Paloaltonetworks" for product "Pan-os"
< 6.1.19
Search vendor "Paloaltonetworks" for product "Pan-os" and version " < 6.1.19"
-
Affected
Paloaltonetworks
Search vendor "Paloaltonetworks"
Pan-os
Search vendor "Paloaltonetworks" for product "Pan-os"
>= 7.0.0 < 7.0.19
Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 7.0.0 < 7.0.19"
-
Affected
Paloaltonetworks
Search vendor "Paloaltonetworks"
Pan-os
Search vendor "Paloaltonetworks" for product "Pan-os"
>= 7.1.0 < 7.1.14
Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 7.1.0 < 7.1.14"
-
Affected