CVE-2017-6356

MEDIUM

Paloaltonetworks Terminal Services Agent - Incorrect Permission Assignment

Title source: rule

Description

Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors.

References (2)

[Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/96925

[Vendor Advisory] https://security.paloaltonetworks.com/CVE-2017-6356

Scores

CVSS v3 5.3

EPSS 0.0012

EPSS Percentile 30.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-732

Status published

Affected Products (4)

paloaltonetworks/terminal_services_agent

n/a/n/a

Timeline

Published Mar 20, 2017

Tracked Since Feb 18, 2026