PT-2016-2291 · Gnu+6 · Wget+6
Dawid Golunski
·
Publicado
2016-06-10
·
Atualizado
2024-06-15
·
CVE-2016-4971
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GNU wget versions prior to 1.18
PAN-OS versions prior to 6.1.17
PAN-OS versions prior to 7.0.15
PAN-OS versions prior to 7.1.10
PAN-OS versions prior to 8.0.1
Description
The issue is related to errors in security settings, allowing remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. This can be exploited by an attacker to modify files. The estimated number of potentially affected devices is not provided.
Recommendations
For GNU wget versions prior to 1.18, update to version 1.18 or later.
For PAN-OS versions prior to 6.1.17, update to version 6.1.17 or later.
For PAN-OS versions prior to 7.0.15, update to version 7.0.15 or later.
For PAN-OS versions prior to 7.1.10, update to version 7.1.10 or later.
For PAN-OS versions prior to 8.0.1, update to version 8.0.1 or later.
As a temporary workaround, consider restricting access to the Management Interface to minimize the risk of exploitation.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Centos
Pan-Os
Red Hat
Suse
Ubuntu
Wget