A vulnerability exists in PAN-OS’s GlobalProtect internal and external gateway interface that could allow for XML External Entity (XXE) attack. PAN-OS does not properly parse XML input. (Ref # PAN-75688 / CVE-2017-9458)
Successful exploitation of this issue may allow disclosure of information, denial of service or server side request forgery.
This issue affects PAN-OS 6.1.17 and earlier, PAN-OS 7.0.16 and earlier, PAN-OS 7.1.11 and earlier, PAN-OS 8.0.2 and earlier
|8.0||<= 8.0.2||>= 8.0.3|
|7.1||<= 7.1.11||>= 7.1.12|
|7.0||<= 7.0.16||>= 7.0.17|
|6.1||<= 6.1.17||>= 6.1.18|
CVSSv3.1 Base Score: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
PAN-OS 6.1.18 and later, PAN-OS 7.0.17 and later, PAN-OS 7.1.12 and later, PAN-OS 8.0.3 and later
Customers that have not configured GlobalProtect are not affected by this issue.