Release date: 2013-09-02
Updated on: 2013-09-03
Affected Systems:
Palo Alto Network PAN-OS <= 4.0.14
Palo Alto Network PAN-OS 5.0.x
Palo Alto Network PAN-OS 4.1.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 62111
CVE (CAN) ID: CVE-2013-5663
PAN-OS is used to control the operating system of the new generation firewall of Palo Alto Networks. It provides a wide range of firewall, management, and network functions.
The App-ID caching functions of Palo Alto Networks versions earlier than PAM 4.0.14, 4.1.x, and 5.0.x have security vulnerabilities. Remote attackers can trigger invalid caching through specially crafted requests, attackers can exploit this vulnerability to bypass the target security policy.
<* Source: vendor
Link: https://securityadvisories.paloaltonetworks.com/Home/Detail/19
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Palo Alto Network
-----------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.paloaltonetworks.com/
Http://researchcenter.paloaltonetworks.com/2013/01/app-id-cache-pollution-update/