漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal
Vulnerability Description
A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.
CVSS Information
N/A
Vulnerability Type
跨界内存写
Vulnerability Title
Palo Alto Networks PAN-OS 缓冲区错误漏洞
Vulnerability Description
Palo Alto Networks PAN-OS是美国Palo Alto Networks公司的一套为其防火墙设备开发的操作系统。 Palo Alto Networks PAN-OS存在缓冲区错误漏洞,该漏洞源于User-ID Authentication Portal服务在处理特定数据包时的边界检查不足。未经身份认证的攻击者可通过向目标防火墙的User-ID Authentication Portal服务发送特制的数据包,触发缓冲区溢出,从而在目标设备上以 root 权限执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A