PatchSiren cyber security CVE debrief
CVE-2017-5328 Paloaltonetworks CVE debrief
CVE-2017-5328 is a high-severity vulnerability in Palo Alto Networks Terminal Services Agent. According to the NVD record, versions before 7.0.7 are affected, and attackers may be able to spoof arbitrary users through unspecified vectors. The supplied NVD data rates the issue CVSS 7.5 (HIGH) with network attack complexity low and no user interaction required.
- Vendor
- Paloaltonetworks
- Product
- CVE-2017-5328
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-01-27
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-01-27
- Advisory updated
- 2026-05-13
Who should care
Administrators and security teams running Palo Alto Networks Terminal Services Agent, especially where user identity or session attribution influences access control, monitoring, or audit logging.
Technical summary
The supplied NVD entry identifies Palo Alto Networks Terminal Services Agent as vulnerable through version 7.0.6, with the fixed boundary at 7.0.7. The described impact is user spoofing / arbitrary user impersonation. NVD assigns CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N and does not provide a specific CWE beyond NVD-CWE-noinfo.
Defensive priority
High. The issue enables identity spoofing and is remotely reachable with no privileges or user interaction per the supplied CVSS vector, so affected deployments should prioritize verification and upgrade planning.
Recommended defensive actions
- Confirm whether Palo Alto Networks Terminal Services Agent is deployed in your environment and identify versions at or below 7.0.6.
- Upgrade to version 7.0.7 or later, as indicated by the supplied vulnerability description.
- Review any workflows that depend on Terminal Services Agent user attribution, because the issue may affect identity trust and audit accuracy.
- Use the vendor advisory and NVD record to validate your remediation scope and affected assets.
- If immediate upgrading is not possible, apply compensating controls that reduce reliance on unauthenticated or automatically attributed user identity data.
Evidence notes
This debrief is based only on the supplied NVD record and linked vendor reference metadata. The source states: "Palo Alto Networks Terminal Services Agent before 7.0.7 allows attackers to spoof arbitrary users via unspecified vectors." NVD also lists the vulnerable CPE range ending at 7.0.6 and assigns CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. No specific CWE is provided in the supplied data, so the description remains at the level of spoofing/user impersonation without adding unsupported technical detail.
Official resources
-
CVE-2017-5328 CVE record
CVE.org
-
CVE-2017-5328 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
Published in NVD on 2017-01-27; the supplied record was last modified on 2026-05-13. No KEV enrichment is indicated in the supplied data.