Reference: CERT-EU Security Advisory 2016-117 
Title: Palo Alto critical bugs
Version history: 25/02/2016 Initial publication.


Summary:
========
Palo Alto Networks has revealed four new vulnerabilities [1]:

PAN-SA-2016-0005 - critical [1]: “When a PAN-OS device is configured
as a GlobalProtect portal, a vulnerability exists where an improper
handling of a buffer involved in the processing of SSL VPN requests
can result in device crash and possible remote code execution.”
PAN-SA-2016-0004 - medium [1]: “When a PAN-OS device is configured as
a GlobalProtect web portal, a specially crafted request to the portal
could result in a crash of the service.”
PAN-SA-2016-0003 - High [1]: “Palo Alto Networks PAN-OS implements an
API to enable programmatic device configuration and administration of
the device. An issue was identified where the management API
incorrectly parses input to a specific API call, leading to execution
of arbitrary OS commands without authentication via the management
interface.”
PAN-SA-2016-0002 - Low [1]: “Palo Alto Networks firewalls implement a
command line interface for interactive configuration through a serial
interface or a remote SSH session. An issue was identified that can
cause incorrect parsing of a specific SSH command parameter, leading
to arbitrary command execution on the OS level. This vulnerability
requires successful authentication but can be used to execute OS
commands with root privileges if the logged on user has administrative
privileges.”


Products Affected:
==================
PAN-OS releases 5.0.17, 5.1.10, 6.0.12, 6.1.9, 7.0.5 and prior.


Recommendations:
===============
Customers using PAN-OS and Panorama software are advised to upgrade to
the latest releases as soon as possible and no later than March 16th
2016, since this is the date when details of the vulnerabilities will
be publicly disclosed at a security conference in Germany [2].

Available Updates: PAN-OS releases 5.0.18, 6.0.13, 6.1.10 and 7.0.5
and newer.


References:
==========
[1] https://securityadvisories.paloaltonetworks.com/
[2] http://www.theregister.co.uk/2016/02/25/palo_alto_reveals_critical_bugs_
and_march_16th_patch_deadline/



Best Regards,

CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement:
http://cert.europa.eu/cert/plainedition/en/cert_privacy.html