Palo Alto Networks firewalls running the PAN-OS web interface are subject to a cross-site scripting vulnerability (Ref. 93072).
This issue can be exploited only by interactive users who are logged in to the management interface with read and write privileges.
This issue affects PAN-OS 5.0.18 and earlier; PAN-OS 5.1.11 and earlier; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.11 and earlier; PAN-OS 7.0.7 and earlier.
Versions | Affected | Unaffected |
---|---|---|
PAN-OS 7.0 | <= 7.0.7 | >= 7.0.8 |
PAN-OS 6.1 | <= 6.1.11 | >= 6.1.12 |
PAN-OS 6.0 | <= 6.0.13 | >= 6.0.14 |
PAN-OS 5.1 | <= 5.1.11 | >= 5.1.12 |
PAN-OS 5.0 | <= 5.0.18 | >= 5.0.19 |
CVSSv3.1 Base Score: 4.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
Unaffected versions: PAN-OS 5.0.19 and later; PAN-OS 5.1.12 and later; PAN-OS 6.0.14 and later; PAN-OS 6.1.12 and later; PAN-OS 7.0.8 and later.
This issue can be exploited only by users authenticated to the web interface. Palo Alto Networks recommends implementing best practices, only allowing management access to a restricted set of IP addresses, and dedicating management of the device to the management interface only.