9.8

CVE-2017-7945

EPSS 0.44%
Veröffentlicht 29.04.2017 00:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Paloaltonetworks ≫ Pan-os Version <= 6.1.15

Paloaltonetworks ≫ Pan-os Version7.0.0

Paloaltonetworks ≫ Pan-os Version7.0.1

Paloaltonetworks ≫ Pan-os Version7.0.2

Paloaltonetworks ≫ Pan-os Version7.0.3

Paloaltonetworks ≫ Pan-os Version7.0.4

Paloaltonetworks ≫ Pan-os Version7.0.5

Paloaltonetworks ≫ Pan-os Version7.0.5 Updateh2

Paloaltonetworks ≫ Pan-os Version7.0.6

Paloaltonetworks ≫ Pan-os Version7.0.7

Paloaltonetworks ≫ Pan-os Version7.0.8

Paloaltonetworks ≫ Pan-os Version7.0.9

Paloaltonetworks ≫ Pan-os Version7.0.10

Paloaltonetworks ≫ Pan-os Version7.0.11

Paloaltonetworks ≫ Pan-os Version7.0.12

Paloaltonetworks ≫ Pan-os Version7.0.13

Paloaltonetworks ≫ Pan-os Version7.0.14

Paloaltonetworks ≫ Pan-os Version7.1.0

Paloaltonetworks ≫ Pan-os Version7.1.1

Paloaltonetworks ≫ Pan-os Version7.1.2

Paloaltonetworks ≫ Pan-os Version7.1.3

Paloaltonetworks ≫ Pan-os Version7.1.4

Paloaltonetworks ≫ Pan-os Version7.1.4 Updateh2

Paloaltonetworks ≫ Pan-os Version7.1.5

Paloaltonetworks ≫ Pan-os Version7.1.6

Paloaltonetworks ≫ Pan-os Version7.1.7

Paloaltonetworks ≫ Pan-os Version7.1.8

Paloaltonetworks ≫ Pan-os Version8.0.0

Paloaltonetworks ≫ Pan-os Version8.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.44%	0.623

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://security.paloaltonetworks.com/CVE-2017-7945

https://nvd.nist.gov/vuln/detail/CVE-2017-7945

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-7945

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-7945

EUVD