mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
271 lines
9.3 KiB
JSON
271 lines
9.3 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "psirt@paloaltonetworks.com",
|
|
"DATE_PUBLIC": "2021-08-11T16:00:00.000Z",
|
|
"ID": "CVE-2021-3048",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "PAN-OS: Invalid URLs in an External Dynamic List (EDL) can Lead to Firewall Outage"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "PAN-OS",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "9.0",
|
|
"version_value": "9.0.14"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "9.1",
|
|
"version_value": "9.1.9"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "10.0",
|
|
"version_value": "10.0.5"
|
|
},
|
|
{
|
|
"version_affected": "!>=",
|
|
"version_name": "9.0",
|
|
"version_value": "9.0.14"
|
|
},
|
|
{
|
|
"version_affected": "!>=",
|
|
"version_name": "9.1",
|
|
"version_value": "9.1.9"
|
|
},
|
|
{
|
|
"version_affected": "!>=",
|
|
"version_name": "10.0",
|
|
"version_value": "10.0.5"
|
|
},
|
|
{
|
|
"version_affected": "!",
|
|
"version_name": "10.1",
|
|
"version_value": "10.1.*"
|
|
},
|
|
{
|
|
"version_affected": "!",
|
|
"version_name": "8.1",
|
|
"version_value": "8.1.*"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Palo Alto Networks"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"configuration": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "This issue is applicable only if an External Dynamic List (EDL) is configured on the firewall.\nAn EDL that contains only domain names or IP addresses will not cause this issue."
|
|
}
|
|
],
|
|
"credit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "This issue was encountered by some customers of Palo Alto Networks during regular operation."
|
|
}
|
|
],
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. This condition causes subsequent commits on the firewall to fail and prevents administrators from performing commits and configuration changes even though the firewall remains otherwise functional. If the firewall then restarts, it results in a denial-of-service (DoS) condition and the firewall stops processing traffic. This issue impacts: PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. PAN-OS 8.1 and PAN-OS 10.1 versions are not impacted."
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 5.9,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-20 Improper Input Validation"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://security.paloaltonetworks.com/CVE-2020-3048",
|
|
"name": "https://security.paloaltonetworks.com/CVE-2020-3048"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "This issue is fixed in PAN-OS 9.0.14, PAN-OS 9.1.9, PAN-OS 10.0.5, and all later PAN-OS versions.\n\nIf a firewall encounters this problem, you will require TAC assistance to make the firewall operational again."
|
|
}
|
|
],
|
|
"source": {
|
|
"defect": [
|
|
"PAN-160455"
|
|
],
|
|
"discovery": "USER"
|
|
},
|
|
"timeline": [
|
|
{
|
|
"lang": "eng",
|
|
"time": "2021-08-11T16:00:00.000Z",
|
|
"value": "Initial publication"
|
|
}
|
|
],
|
|
"work_around": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "You can prevent this issue by removing all invalid URL entries from source EDLs or removing the EDL from your configuration.\n\nAdditionally, do not configure EDLs from websites that you do not trust."
|
|
}
|
|
],
|
|
"x_advisoryEoL": false,
|
|
"x_affectedList": [
|
|
"PAN-OS 10.0.4",
|
|
"PAN-OS 10.0.3",
|
|
"PAN-OS 10.0.2",
|
|
"PAN-OS 10.0.1",
|
|
"PAN-OS 10.0.0",
|
|
"PAN-OS 10.0",
|
|
"PAN-OS 9.1.8",
|
|
"PAN-OS 9.1.7",
|
|
"PAN-OS 9.1.6",
|
|
"PAN-OS 9.1.5",
|
|
"PAN-OS 9.1.4",
|
|
"PAN-OS 9.1.3-h1",
|
|
"PAN-OS 9.1.3",
|
|
"PAN-OS 9.1.2-h1",
|
|
"PAN-OS 9.1.2",
|
|
"PAN-OS 9.1.1",
|
|
"PAN-OS 9.1.0-h3",
|
|
"PAN-OS 9.1.0-h2",
|
|
"PAN-OS 9.1.0-h1",
|
|
"PAN-OS 9.1.0",
|
|
"PAN-OS 9.1",
|
|
"PAN-OS 9.0.13",
|
|
"PAN-OS 9.0.12",
|
|
"PAN-OS 9.0.11",
|
|
"PAN-OS 9.0.10",
|
|
"PAN-OS 9.0.9-h1",
|
|
"PAN-OS 9.0.9",
|
|
"PAN-OS 9.0.8",
|
|
"PAN-OS 9.0.7",
|
|
"PAN-OS 9.0.6",
|
|
"PAN-OS 9.0.5",
|
|
"PAN-OS 9.0.4",
|
|
"PAN-OS 9.0.3-h3",
|
|
"PAN-OS 9.0.3-h2",
|
|
"PAN-OS 9.0.3-h1",
|
|
"PAN-OS 9.0.3",
|
|
"PAN-OS 9.0.2-h4",
|
|
"PAN-OS 9.0.2-h3",
|
|
"PAN-OS 9.0.2-h2",
|
|
"PAN-OS 9.0.2-h1",
|
|
"PAN-OS 9.0.2",
|
|
"PAN-OS 9.0.1",
|
|
"PAN-OS 9.0.0",
|
|
"PAN-OS 9.0"
|
|
],
|
|
"x_likelyAffectedList": [
|
|
"PAN-OS 8.0.20",
|
|
"PAN-OS 8.0.19-h1",
|
|
"PAN-OS 8.0.19",
|
|
"PAN-OS 8.0.18",
|
|
"PAN-OS 8.0.17",
|
|
"PAN-OS 8.0.16",
|
|
"PAN-OS 8.0.15",
|
|
"PAN-OS 8.0.14",
|
|
"PAN-OS 8.0.13",
|
|
"PAN-OS 8.0.12",
|
|
"PAN-OS 8.0.11-h1",
|
|
"PAN-OS 8.0.10",
|
|
"PAN-OS 8.0.9",
|
|
"PAN-OS 8.0.8",
|
|
"PAN-OS 8.0.7",
|
|
"PAN-OS 8.0.6-h3",
|
|
"PAN-OS 8.0.6-h2",
|
|
"PAN-OS 8.0.6-h1",
|
|
"PAN-OS 8.0.6",
|
|
"PAN-OS 8.0.5",
|
|
"PAN-OS 8.0.4",
|
|
"PAN-OS 8.0.3-h4",
|
|
"PAN-OS 8.0.3-h3",
|
|
"PAN-OS 8.0.3-h2",
|
|
"PAN-OS 8.0.3-h1",
|
|
"PAN-OS 8.0.3",
|
|
"PAN-OS 8.0.2",
|
|
"PAN-OS 8.0.1",
|
|
"PAN-OS 8.0.0",
|
|
"PAN-OS 8.0",
|
|
"PAN-OS 7.1.26",
|
|
"PAN-OS 7.1.25",
|
|
"PAN-OS 7.1.24-h1",
|
|
"PAN-OS 7.1.24",
|
|
"PAN-OS 7.1.23",
|
|
"PAN-OS 7.1.22",
|
|
"PAN-OS 7.1.21",
|
|
"PAN-OS 7.1.20",
|
|
"PAN-OS 7.1.19",
|
|
"PAN-OS 7.1.18",
|
|
"PAN-OS 7.1.17",
|
|
"PAN-OS 7.1.16",
|
|
"PAN-OS 7.1.15",
|
|
"PAN-OS 7.1.14",
|
|
"PAN-OS 7.1.13",
|
|
"PAN-OS 7.1.12",
|
|
"PAN-OS 7.1.11",
|
|
"PAN-OS 7.1.10",
|
|
"PAN-OS 7.1.9-h4",
|
|
"PAN-OS 7.1.9-h3",
|
|
"PAN-OS 7.1.9-h2",
|
|
"PAN-OS 7.1.9-h1",
|
|
"PAN-OS 7.1.9",
|
|
"PAN-OS 7.1.8",
|
|
"PAN-OS 7.1.7",
|
|
"PAN-OS 7.1.6",
|
|
"PAN-OS 7.1.5",
|
|
"PAN-OS 7.1.4-h2",
|
|
"PAN-OS 7.1.4-h1",
|
|
"PAN-OS 7.1.4",
|
|
"PAN-OS 7.1.3",
|
|
"PAN-OS 7.1.2",
|
|
"PAN-OS 7.1.1",
|
|
"PAN-OS 7.1.0",
|
|
"PAN-OS 7.1"
|
|
]
|
|
} |