CVE-2017-8390

Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS versions 6.1.17 and earlier Palo Alto Networks PAN-OS versions 7.0.15 and earlier Palo Alto Networks PAN-OS versions 7.1.9 and earlier Palo Alto Networks PAN-OS versions 8.0.2 and earlier

Description The issue is related to insufficient input validation in the DNS Proxy of the PAN-OS operating system. This allows a remote attacker to execute arbitrary code via a specially crafted domain name, specifically a fully qualified domain name (FQDN). The vulnerability affects both the Data and Management planes of the firewall. Successful exploitation could allow an attacker to execute code on the firewall.

Recommendations For versions 6.1.17 and earlier, update to version 6.1.18 or later. For versions 7.0.15 and earlier, update to version 7.0.16 or later. For versions 7.1.9 and earlier, update to version 7.1.11 or later. For versions 8.0.2 and earlier, update to version 8.0.3 or later.