CVE-2017-15943

Published: Dec 11, 2017Modified: May 13, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities.

Affected (3)

Products: Paloaltonetworks: Pan Os

Paloaltonetworks

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Paloaltonetworks Pan Os	Before 6.1.19
Paloaltonetworks Pan Os	From 7.0.0 to 7.0.19
Paloaltonetworks Pan Os	From 7.1.0 to 7.1.14

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (6)

http://www.securityfocus.com/bid/102074

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040005

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://security.paloaltonetworks.com/CVE-2017-15943

Source: cve@mitre.org

http://www.securityfocus.com/bid/102074

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040005

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://security.paloaltonetworks.com/CVE-2017-15943

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.