CVE-2017-15943
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities.
La importación de archivos de configuración para las funcionalidades de objetos de aplicaciones, spyware y vulnerabilidades en la interfaz web en Palo Alto Networks PAN-OS en versiones anteriores a la 6.1.19; versiones 7.0.x anteriores a la 7.0.19 y versiones 7.1.x anteriores a la 7.1.14 permite que atacantes remotos lleven a cabo ataques de SSRF (Server-Side Request Forgery) y, consecuentemente, obtengan información sensible mediante vectores relacionados con el análisis sintáctico de entidades externas.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-10-27 CVE Reserved
- 2017-12-11 CVE Published
- 2023-06-13 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/102074 | Third Party Advisory | |
http://www.securitytracker.com/id/1040005 | Third Party Advisory | |
https://security.paloaltonetworks.com/CVE-2017-15943 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | < 6.1.19 Search vendor "Paloaltonetworks" for product "Pan-os" and version " < 6.1.19" | - |
Affected
| ||||||
Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 7.0.0 < 7.0.19 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 7.0.0 < 7.0.19" | - |
Affected
| ||||||
Paloaltonetworks Search vendor "Paloaltonetworks" | Pan-os Search vendor "Paloaltonetworks" for product "Pan-os" | >= 7.1.0 < 7.1.14 Search vendor "Paloaltonetworks" for product "Pan-os" and version " >= 7.1.0 < 7.1.14" | - |
Affected
|