Palo Alto Networks Security Advisories / PAN-SA-2016-0029

PAN-SA-2016-0029 Insecure Server Configuration

047910
Severity 8.8 · HIGH
Attack Vector NETWORK
Scope UNCHANGED
Attack Complexity LOW
Confidentiality Impact HIGH
Privileges Required NONE
Integrity Impact HIGH
User Interaction REQUIRED
Availability Impact HIGH

Description

An incorrect Web management server configuration was identified in PAN-OS. (Ref # PAN-52038/86767).

This post-authentication issue affects the management interface of the device, where an incorrect configuration could lead to JavaScript execution.

This issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.7 and earlier

Product Status

VersionsAffectedUnaffected
PAN-OS 7.0<= 7.0.7>= 7.0.8
PAN-OS 6.1<= 6.1.12>= 6.1.13
PAN-OS 6.0<= 6.0.14>= 6.0.15
PAN-OS 5.1<= 5.1.12>= 5.1.13
PAN-OS 5.0<= 5.0.19>= 5.0.20

Severity:HIGH

CVSSv3.1 Base Score:8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Weakness Type

Solution

PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.13 and later; PAN-OS 7.0.8 and later

Workarounds and Mitigations

This issue is available only to authenticated users on the web interface. Palo Alto Networks recommends implementing best practices, only allowing management access to a restricted set of IP address, and dedicating management of the device to the management interface only.

Acknowledgments

ringzero
© 2022 Palo Alto Networks, Inc. All rights reserved.