CVE-2018-10140

Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS versions 8.1.2 and earlier

Description The issue is related to insufficient input validation in the PAN-OS Management Web Interface, which can be exploited by an authenticated user to shut down all management sessions. This results in all logged-in users being redirected to the login page. The vulnerability can be triggered by sending malformed searching parameters through the "Filter bar" on the PAN-OS Management Web Interface.

Recommendations For versions 8.1.2 and earlier, consider restricting access to the management web interface to minimize the risk of exploitation until a fix is available. As a temporary workaround, limit the ability of authenticated users to shut down all management sessions.