CVE-2017-9458

Name of the Vulnerable Software and Affected Versions PAN-OS versions prior to 6.1.18 PAN-OS versions 7.0.x prior to 7.0.17 PAN-OS versions 7.1.x prior to 7.1.12 PAN-OS versions 8.0.x prior to 8.0.3

Description The issue is related to an XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface of PAN-OS. This vulnerability can be exploited by a remote attacker to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks. The vulnerability is due to the incorrect restriction of XML links to external objects.

Recommendations For PAN-OS versions prior to 6.1.18, update to version 6.1.18 or later. For PAN-OS versions 7.0.x prior to 7.0.17, update to version 7.0.17 or later. For PAN-OS versions 7.1.x prior to 7.1.12, update to version 7.1.12 or later. For PAN-OS versions 8.0.x prior to 8.0.3, update to version 8.0.3 or later. As a temporary workaround, consider restricting XML input parsing in the GlobalProtect interface until a patch is available.