PatchSiren cyber security CVE debrief

CVE-2017-5329 Paloaltonetworks CVE debrief

CVE-2017-5329 is a local privilege-escalation flaw in Palo Alto Networks Terminal Services Agent. NVD describes the issue as an out-of-bounds write (CWE-787) affecting versions before 7.0.7, with the vulnerable range shown as through 7.0.6. Because the attack is local, requires low privileges, and needs no user interaction, the practical risk is highest on systems where untrusted local users or code can reach the agent.

Vendor: Paloaltonetworks
Product: CVE-2017-5329
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-27
Original CVE updated: 2026-05-13
Advisory published: 2017-01-27
Advisory updated: 2026-05-13

Who should care

Administrators and security teams managing Palo Alto Networks Terminal Services Agent installations, especially on systems where multiple users, interactive access, or local code execution is possible. Endpoint, server, and platform owners should prioritize this if they run affected versions through 7.0.6.

Technical summary

NVD records CVE-2017-5329 as a vulnerability in Palo Alto Networks Terminal Services Agent caused by an out-of-bounds write. The published CVSS 3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a local attack with low complexity, low privileges, no user interaction, and high impact if successfully exploited. The vulnerable CPE entry covers terminal_services_agent versions up to and including 7.0.6, with remediation implied by the version boundary before 7.0.7.

Defensive priority

High for exposed or multi-user systems running affected versions. The flaw can lead to privilege gain from a local foothold, so remediation should be treated as a priority patch or upgrade item rather than a routine maintenance fix.

Recommended defensive actions

Upgrade Palo Alto Networks Terminal Services Agent to version 7.0.7 or later.
Inventory systems running Terminal Services Agent and confirm no instances remain on versions 7.0.6 or earlier.
Restrict local user access and review endpoint hardening where affected versions cannot be upgraded immediately.
Track any vendor guidance associated with the Palo Alto Networks advisory for this CVE.
Use the official NVD and CVE records to verify exposure and remediation status before closing the ticket.

Evidence notes

This debrief is based on the supplied NVD CVE record, which lists the vulnerability as an out-of-bounds write in Palo Alto Networks Terminal Services Agent, the affected version range as through 7.0.6, the CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, and CWE-787. References in the source corpus include the Palo Alto Networks vendor advisory, the NVD record, and a third-party advisory entry. No KEV listing or ransomware association is present in the supplied data.

Official resources

CVE-2017-5329 CVE record
CVE.org
CVE-2017-5329 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Mitigation or vendor reference
[email protected] - Vendor Advisory
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry

CVE published 2017-01-27T22:59:08.383Z; NVD modification recorded 2026-05-13T00:24:29.033Z. No KEV date is supplied.