CVE-2017-6356
MEDIUMPaloaltonetworks Terminal Services Agent - Incorrect Permission Assignment
Title source: ruleDescription
Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96925
Vendor Advisory x_refsource_confirm
https://security.paloaltonetworks.com/CVE-2017-6356
Scores
CVSS v3
5.3
EPSS
0.0012
EPSS Percentile
30.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-732
Status
published
Products (3)
paloaltonetworks/terminal_services_agent
6.0
paloaltonetworks/terminal_services_agent
7.0
paloaltonetworks/terminal_services_agent
8.0
Published
Mar 20, 2017
Tracked Since
Feb 18, 2026