CVE-2017-9458
CRITICALPalo Alto Networks PAN-OS XML External Entity Injection in GlobalProtect Gateway Interface
Title source: llmDescription
XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors.
References (3)
Core 3
Core References
Various Sources x_refsource_confirm
https://security.paloaltonetworks.com/CVE-2017-9458
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039256
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100614
Scores
CVSS v3
9.8
EPSS
0.0127
EPSS Percentile
79.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-611
CWE-918
Status
published
Products (29)
paloaltonetworks/pan-os
7.0.0
paloaltonetworks/pan-os
7.0.1
paloaltonetworks/pan-os
7.0.2
paloaltonetworks/pan-os
7.0.3
paloaltonetworks/pan-os
7.0.4
paloaltonetworks/pan-os
7.0.5
paloaltonetworks/pan-os
7.0.6
paloaltonetworks/pan-os
7.0.7
paloaltonetworks/pan-os
7.0.8
paloaltonetworks/pan-os
7.0.9
... and 19 more
Published
Sep 07, 2017
Tracked Since
Feb 18, 2026