Palo Alto Networks Security Advisories / PAN-SA-2016-0014

PAN-SA-2016-0014 Cross-site scripting issue in policy

047910
Severity 4.6 · MEDIUM
Attack Vector NETWORK
Attack Complexity LOW
Privileges Required LOW
User Interaction REQUIRED
Scope UNCHANGED
Confidentiality Impact LOW
Integrity Impact LOW
Availability Impact NONE

Description

Palo Alto Networks firewalls running the PAN-OS web interface are subject to a cross-site scripting vulnerability (Ref. 93072).

Exploitation of this problem is available only to interactive users logged in to the management interface with read and write privileges.

This issue affects PAN-OS 5.0.18 and earlier; PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.11 and earlier; PAN-OS 7.0.7 and earlier

Product Status

VersionsAffectedUnaffected
PAN-OS 7.0<= 7.0.7>= 7.0.8
PAN-OS 6.1<= 6.1.11>= 6.1.12
PAN-OS 6.0<= 6.0.13>= 6.0.14
PAN-OS 5.1<= 5.1.11>= 5.1.12
PAN-OS 5.0<= 5.0.18>= 5.0.19

Severity: MEDIUM

CVSSv3.1 Base Score: 4.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)

Weakness Type

Solution

PAN-OS 5.0.19 and later; PAN-OS 5.1.12 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.12 and later; PAN-OS 7.0.8 and later

Workarounds and Mitigations

This issue is available only to web interface authenticated users. Palo Alto Networks recommends implementing best practices, only allowing management access to a restricted set of IP addresses, and dedicating management of the device to the management interface only.

Acknowledgments

Travis Christianson
© 2020 Palo Alto Networks, Inc. All rights reserved.