vulnerability
Palo Alto Networks PAN-SA-2017-0014 (CVE-2017-7945): Brute force attack on the PAN-OS GlobalProtect external interface
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | 2017-04-28 | 2017-05-02 | 2020-06-17 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
2017-04-28
Added
2017-05-02
Modified
2020-06-17
Description
The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769.
Solution(s)
palo-alto-networks-pan-os-upgrade-6-1palo-alto-networks-pan-os-upgrade-7-0palo-alto-networks-pan-os-upgrade-7-1palo-alto-networks-pan-os-upgrade-8-0
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.