vulnerability
Palo Alto Networks PAN-SA-2017-0014 (CVE-2017-7945): Brute force attack on the PAN-OS GlobalProtect external interface
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Apr 28, 2017 | May 2, 2017 | Jun 17, 2020 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Apr 28, 2017
Added
May 2, 2017
Modified
Jun 17, 2020
Description
The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769.
Solutions
palo-alto-networks-pan-os-upgrade-6-1palo-alto-networks-pan-os-upgrade-7-0palo-alto-networks-pan-os-upgrade-7-1palo-alto-networks-pan-os-upgrade-8-0
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.