Palo Alto Networks Security Advisories / PAN-SA-2016-0029

PAN-SA-2016-0029 Insecure Server Configuration

047910
Severity 8.8 · HIGH
Attack Vector NETWORK
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact HIGH
Privileges Required NONE
Integrity Impact HIGH
User Interaction REQUIRED
Availability Impact HIGH
JSON
Published 2016-10-18
Updated
Reference PAN-52038 and 86767 PAN-SA-2016-0029

Description

An incorrect Web management server configuration was identified in PAN-OS. (Ref # PAN-52038/86767).

This post-authentication issue affects the management interface of the device, where an incorrect configuration could lead to JavaScript execution.

This issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.7 and earlier

Product Status

VersionsAffectedUnaffected
PAN-OS 7.0<= 7.0.7>= 7.0.8
PAN-OS 6.1<= 6.1.12>= 6.1.13
PAN-OS 6.0<= 6.0.14>= 6.0.15
PAN-OS 5.1<= 5.1.12>= 5.1.13
PAN-OS 5.0<= 5.0.19>= 5.0.20

Severity: HIGH

CVSSv3.1 Base Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Weakness Type

Solution

PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.13 and later; PAN-OS 7.0.8 and later

Workarounds and Mitigations

This issue is available only to authenticated users on the web interface. Palo Alto Networks recommends implementing best practices, only allowing management access to a restricted set of IP address, and dedicating management of the device to the management interface only.

Acknowledgments

ringzero
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure Policy Report vulnerabilitiesManage subscriptions
© 2024 Palo Alto Networks, Inc. All rights reserved.