2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2017-8390" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2017-08-02T19:29:00.930" ,
2024-11-23 09:11:19 +00:00
"lastModified" : "2024-11-21T03:33:56.003" ,
2023-04-24 12:24:31 +02:00
"vulnStatus" : "Modified" ,
2024-12-08 03:06:42 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name."
} ,
{
"lang" : "es" ,
"value" : "El proxy DNS en Palo Alto Networks PAN-OS en sus versiones anteriores a la 6.1.18, todas las 7.x antes de la 7.0.16, todas las 7.1.x antes de la 7.1.11 y todas las 8.x antes de la 8.0.3 permite a los atacantes remotos que ejecuten c\u00f3digo arbitrario a trav\u00e9s de un nombre de dominio especialmente manipulado."
}
] ,
"metrics" : {
"cvssMetricV30" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.0" ,
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
2024-11-23 09:11:19 +00:00
"baseScore" : 9.8 ,
"baseSeverity" : "CRITICAL" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-11-23 09:11:19 +00:00
"availabilityImpact" : "HIGH"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 5.9
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C" ,
2024-11-23 09:11:19 +00:00
"baseScore" : 10.0 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "LOW" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "COMPLETE" ,
"integrityImpact" : "COMPLETE" ,
2024-11-23 09:11:19 +00:00
"availabilityImpact" : "COMPLETE"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "HIGH" ,
"exploitabilityScore" : 10.0 ,
"impactScore" : 10.0 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-20"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "6.1.17" ,
"matchCriteriaId" : "460EF266-5397-4FB9-B4C3-BECB2FB12AE4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.0.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4EE577FC-15FF-4E57-8257-DCDFFB2A9985"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.0.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6BCC7DB4-24B3-4F4A-86C5-B9D59E891E2F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.0.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9EC541C0-0BB9-4011-A3B8-DDCD00A324F7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.0.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D8F8C2BE-21DE-49FE-A58F-97158657EF24"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.0.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BDB6D0AB-5364-432A-8F7A-9DB53E1BF5D2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.0.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0BEEBF0F-FBB2-43B7-9F56-0FBF2DADCA2F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.0.7:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "831890DD-6702-4AA1-9F20-B0E22B06043A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.0.8:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "448EC192-C6FD-4E97-AE26-51001986E7FC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.0.9:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A02BEFED-A8AB-4A51-8E01-69123C20F9FA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.0.10:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "59E29A65-120E-4FB6-B54B-8E86B52CED05"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.0.11:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C9A95E6A-CD9A-473B-A6DC-AE2E48684A02"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.0.12:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F9C19ADE-22F7-42D0-A6FD-81EDB334B484"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.0.13:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E8AAF08A-5478-4942-8CC0-0F267F464684"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.0.14:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "033CDBB8-59A7-44BA-B28C-57A91CCD0B83"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.0.15:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7DA1E444-B9CE-48CF-BEA2-5A39D0641483"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "685DCF3A-39BD-4C38-9DC4-2AF715BB65AF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.1.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "94C08178-C348-4B87-B951-27BA9102E60C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.1.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DEFDAAE0-7A3B-4B9A-BC2A-AE5E8BCAE406"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.1.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "32839A0C-6229-430C-88A7-9E0ECC9F49CD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.1.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B6A695BB-D919-4025-B5C3-7BFDF4D602F4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.1.4-h2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "ADBFA14A-BFD0-4B87-9F98-86703BF81644"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.1.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7F9B6C6A-4FF5-4807-AC02-F9E5526C4B28"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.1.7:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AE7CE914-E21C-4850-96D8-A5C31C32C065"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.1.8:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7B7D2AA1-7381-436E-A080-87867C681DF6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.1.9:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D166F248-CB7B-4C71-9A54-355CED04F193"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.1.9-h2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "95C3582B-9218-4464-B944-29DD47D4FC7B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:7.1.10:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BCA169C5-66C2-4BA6-9515-2C1EF2D2B96B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:8.0.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B4A47526-2888-49CC-895F-F7361A35C45C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:8.0.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2A5715D2-8821-4704-B977-D3550E94DFCD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:paloaltonetworks:pan-os:8.0.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B07023EC-3119-4D08-AB90-3CBF534B1B0D"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://www.securityfocus.com/bid/99911" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Third Party Advisory" ,
"VDB Entry"
]
} ,
{
"url" : "http://www.securitytracker.com/id/1038976" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Third Party Advisory" ,
"VDB Entry"
]
} ,
{
"url" : "https://security.paloaltonetworks.com/CVE-2017-8390" ,
"source" : "cve@mitre.org"
2024-11-23 09:11:19 +00:00
} ,
{
"url" : "http://www.securityfocus.com/bid/99911" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory" ,
"VDB Entry"
]
} ,
{
"url" : "http://www.securitytracker.com/id/1038976" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory" ,
"VDB Entry"
]
} ,
{
"url" : "https://security.paloaltonetworks.com/CVE-2017-8390" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
2023-04-24 12:24:31 +02:00
}
]
}
