Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-7945

Опубликовано: 29 апр. 2017
Источник: nvd
CVSS3: 9.8
CVSS2: 5
EPSS Низкий

Описание

The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Версия до 6.1.15 (включая)
cpe:2.3:o:paloaltonetworks:pan-os:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.0.5:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.0.7:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.0.8:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.0.13:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.0.14:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.0:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.1:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.2:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.3:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.4:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.4:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.5:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.6:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.7:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:7.1.8:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:8.0.0:*:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:8.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 63%
0.00437
Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-209

Связанные уязвимости

github логотип

GHSA-jx68-2fp3-jrpx

CVSS3: 9.8
github
больше 3 лет назад

The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769.

EPSS

Процентиль: 63%
0.00437
Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-209