CVE-2017-15944

CRITICAL KEV NUCLEI

Palo Alto Network PAN-OS - Remote Code Execution

Title source: nuclei

Description

Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.

Exploits (8)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremoteunix
https://www.exploit-db.com/exploits/44597
exploitdb WRITEUP VERIFIED
by Philip Pettersson · textremotehardware
https://www.exploit-db.com/exploits/43342
nomisec WORKING POC 6 stars
by surajraghuvanshi · remote
https://github.com/surajraghuvanshi/PaloAltoRceDetectionAndExploit
nomisec SCANNER 1 stars
by xxnbyy · remote
https://github.com/xxnbyy/CVE-2017-15944-POC
nomisec WRITEUP
by P4x1s · poc
https://github.com/P4x1s/PaloAlto_EXP
nomisec WORKING POC
by yukar1z0e · remote
https://github.com/yukar1z0e/CVE-2017-15944
vulncheck_xdb WORKING POC
remote
https://github.com/AiK1d/PaloAlto_EXP
metasploit WORKING POC EXCELLENT
rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/panos_readsessionvars.rb

Nuclei Templates (1)

Palo Alto Network PAN-OS - Remote Code Execution
CRITICALby emadshanab,milo2012
Shodan: http.favicon.hash:"-631559155" || cpe:"cpe:2.3:o:paloaltonetworks:pan-os"
FOFA: icon_hash="-631559155"

References (6)

Scores

CVSS v3 9.8
EPSS 0.9400
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-08-18
VulnCheck KEV 2022-08-18
InTheWild.io 2022-08-18
ENISA EUVD EUVD-2017-7360
CWE
CWE-119 CWE-20
Status published
Products (1)
paloaltonetworks/pan-os < 6.1.19
Published Dec 11, 2017
KEV Added Aug 18, 2022
Tracked Since Feb 18, 2026