VYPR
Get started
← All advisories
Critical severity9.8NVD Advisory· Published Apr 29, 2017· Updated May 13, 2026

CVE-2017-7945

CVE-2017-7945

Description

The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769.

Affected products

29
  • Paloaltonetworks/Pan Os29 versions
    cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*+ 28 more
    • cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*range: <=6.1.15
    • cpe:2.3:o:paloaltonetworks:pan-os:7.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.0.10:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.0.11:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.0.12:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.0.13:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.0.14:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.0.5:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.0.5:h2:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.0.6:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.0.7:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.0.8:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.0.9:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.1.3:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.1.4:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.1.4:h2:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.1.5:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.1.6:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.1.7:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:7.1.8:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:8.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:paloaltonetworks:pan-os:8.0.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.