Palo Alto PAN-OS up to 5.0.18/5.1.11/6.0.13/6.1.11/7.0.7 root_reboot input validation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.5 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Palo Alto PAN-OS up to 5.0.18/5.1.11/6.0.13/6.1.11/7.0.7 and classified as problematic. This issue affects the function root_reboot. Such manipulation leads to input validation.
This vulnerability is listed as CVE-2016-1712. The attack must be carried out locally. There is no available exploit.
It is suggested to upgrade the affected component.
Details
A vulnerability was found in Palo Alto PAN-OS up to 5.0.18/5.1.11/6.0.13/6.1.11/7.0.7 (Firewall Software) and classified as critical. Affected by this issue is the function root_reboot. The manipulation with an unknown input leads to a input validation vulnerability. Using CWE to declare the problem leads to CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. Impacted is confidentiality, integrity, and availability. CVE summarizes:
Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation.
The weakness was presented 07/13/2016 by Kasif Dekel as PAN-SA-2016-0012 / 92293 as confirmed advisory (Website). The advisory is shared for download at securityadvisories.paloaltonetworks.com. This vulnerability is handled as CVE-2016-1712 since 01/12/2016. The exploitation is known to be easy. The attack needs to be approached locally. No form of authentication is required for exploitation. There are known technical details, but no exploit is available. The advisory points out:
Palo Alto Networks firewalls do not properly sanitize the root_reboot local invocation which can potentially allow executing code with higher privileges
The vulnerability scanner Nessus provides a plugin with the ID 93125 (Palo Alto Networks PAN-OS 5.0.x < 5.0.19 / 5.1.x < 5.1.12 / 6.0.x < 6.0.14 / 6.1.x < 6.1.12 / 7.0.x < 7.0.8 Privilege Escalation (PAN-SA-2016-0012)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Palo Alto Local Security Checks and running in the context c. The advisory illustrates:
Exploitation of this privilege escalation is restricted to local users. Potential attackers would have to first obtain a shell on the device before they could attempt to escalate privileges through this vulnerability.
Upgrading to version 5.0.19, 5.1.12, 6.0.14, 6.1.12 or 7.0.8 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (93125) and SecurityTracker (ID 1036326†). VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
- 5.0.0
- 5.0.1
- 5.0.2
- 5.0.3
- 5.0.4
- 5.0.5
- 5.0.6
- 5.0.7
- 5.0.8
- 5.0.9
- 5.0.10
- 5.0.11
- 5.0.12
- 5.0.13
- 5.0.14
- 5.0.15
- 5.0.16
- 5.0.17
- 5.0.18
- 5.1.0
- 5.1.1
- 5.1.2
- 5.1.3
- 5.1.4
- 5.1.5
- 5.1.6
- 5.1.7
- 5.1.8
- 5.1.9
- 5.1.10
- 5.1.11
- 6.0.0
- 6.0.1
- 6.0.2
- 6.0.3
- 6.0.4
- 6.0.5
- 6.0.6
- 6.0.7
- 6.0.8
- 6.0.9
- 6.0.10
- 6.0.11
- 6.0.12
- 6.0.13
- 6.1.0
- 6.1.1
- 6.1.2
- 6.1.3
- 6.1.4
- 6.1.5
- 6.1.6
- 6.1.7
- 6.1.8
- 6.1.9
- 6.1.10
- 6.1.11
- 7.0.0
- 7.0.1
- 7.0.2
- 7.0.3
- 7.0.4
- 7.0.5
- 7.0.6
- 7.0.7
License
Website
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.8VulDB Meta Temp Score: 7.6
VulDB Base Score: 7.8
VulDB Temp Score: 7.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 93125
Nessus Name: Palo Alto Networks PAN-OS 5.0.x < 5.0.19 / 5.1.x < 5.1.12 / 6.0.x < 6.0.14 / 6.1.x < 6.1.12 / 7.0.x < 7.0.8 Privilege Escalation (PAN-SA-2016-0012)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 802901
OpenVAS Name: Palo Alto PAN-OS Local privilege escalation (PAN-SA-2016-0012)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: PAN-OS 5.0.19/5.1.12/6.0.14/6.1.12/7.0.8
Timeline
01/12/2016 🔍07/05/2016 🔍
07/13/2016 🔍
07/16/2016 🔍
07/23/2016 🔍
08/02/2016 🔍
08/26/2016 🔍
03/07/2019 🔍
Sources
Vendor: paloaltonetworks.comAdvisory: PAN-SA-2016-0012 / 92293
Researcher: Kasif Dekel
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2016-1712 (🔍)
GCVE (CVE): GCVE-0-2016-1712
GCVE (VulDB): GCVE-100-90248
SecurityTracker: 1036326
Entry
Created: 07/23/2016 12:43Updated: 03/07/2019 21:56
Changes: 07/23/2016 12:43 (69), 03/07/2019 21:56 (11)
Complete: 🔍
Cache ID: 216:DB0:103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.