How severe is CVE-2017-7945?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2017-7945?

This is classified as CWE-209, which is a common weakness in software security.

CVE-2017-7945 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769.

Related Vulnerabilities

CVE-2017-7551

CRITICAL

CVSS:9.8(Critical)

389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.

CWE-2092017

CVE-2018-11325

CRITICAL

CVSS:9.8(Critical)

An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and disp...

CWE-2092018

CVE-2018-14925

CRITICAL

CVSS:9.8(Critical)

Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components.

CWE-2092018

CVE-2019-7612

CRITICAL

CVSS:9.8(Critical)

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credenti...

CWE-2092019

CVE-2019-7644

CRITICAL

CVSS:9.8(Critical)

Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker,...

CWE-2092019

CVE-2021-42777

CRITICAL

CVSS:9.8(Critical)

Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server...

CWE-2092021