PT-2016-2291 · Gnu+6 · Wget+6
Dawid Golunski
·
Published
2016-06-10
·
Updated
2024-06-15
·
CVE-2016-4971
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GNU wget versions prior to 1.18
PAN-OS versions prior to 6.1.17
PAN-OS versions prior to 7.0.15
PAN-OS versions prior to 7.1.10
PAN-OS versions prior to 8.0.1
Description
The issue is related to errors in security settings, allowing remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. This can be exploited by an attacker to modify files. The estimated number of potentially affected devices is not provided.
Recommendations
For GNU wget versions prior to 1.18, update to version 1.18 or later.
For PAN-OS versions prior to 6.1.17, update to version 6.1.17 or later.
For PAN-OS versions prior to 7.0.15, update to version 7.0.15 or later.
For PAN-OS versions prior to 7.1.10, update to version 7.1.10 or later.
For PAN-OS versions prior to 8.0.1, update to version 8.0.1 or later.
As a temporary workaround, consider restricting access to the Management Interface to minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Centos
Pan-Os
Red Hat
Suse
Ubuntu
Wget