Vulnerability category: General remote services
Vulnerability severity:
Vulnerability information
A vulnerability exists in the PAN-OS web interface in the configuration file import for applications, spyware and vulnerability objects.
Affected Versions:
PAN-OS 6.1.18 and earlier
PAN-OS 7.0.18 and earlier
PAN-OS 7.1.13 and earlier
QID Detection Logic (authenticated):
This QID looks for the vulnerable version of PAN-OS via XML API.
Impact
Successful exploitation could allow an attacker to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities.
Solution
Please refer to PAN-SA-2017-0026 for more information about patching this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities: