Vulnerability Details : CVE-2017-7408
Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2017-7408
- cpe:2.3:a:paloaltonetworks:traps:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-7408
0.51%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 65 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-7408
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2017-7408
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-7408
-
https://security.paloaltonetworks.com/CVE-2017-7408
CVE-2017-7408 Temporary DoS for Traps AgentVendor Advisory
-
https://www.paloaltonetworks.com/documentation/34/endpoint/traps-release-notes/traps-3-4-4-addressed-issues.html
Page Not FoundRelease Notes;Vendor Advisory
-
http://www.securityfocus.com/bid/97533
Palo Alto Networks Traps ESM Console CVE-2017-7408 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
Jump to