PAN-SA-2016-0029 Insecure Server Configuration

Severity: 8.8 (HIGH)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH


An incorrect Web management server configuration was identified in PAN-OS. (Ref # PAN-52038/86767).

This post-authentication issue affects the management interface of the device, where an incorrect configuration could lead to JavaScript execution.

This issue affects PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.7 and earlier.

Product Status

Versions      Affected      Unaffected
PAN-OS 7.0    <= 7.0.7      >= 7.0.8
PAN-OS 6.1    <= 6.1.12     >= 6.1.13
PAN-OS 6.0    <= 6.0.14     >= 6.0.15
PAN-OS 5.1    <= 5.1.12     >= 5.1.13
PAN-OS 5.0    <= 5.0.19     >= 5.0.20


CVSSv3.1 Base Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Weakness Type


Solution

PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.13 and later; PAN-OS 7.0.8 and later.
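
The following Python is an added example, not part of the Palo Alto Networks advisory: it triages a firewall inventory against the affected and fixed versions listed above. The hostnames and the inventory dictionary are constructed, and treating a "-hN" hotfix build of an affected maintenance release as still affected is an assumption the advisory does not address.

```python
import re

# First fixed release per branch, taken from the advisory's Product Status table.
FIXED = {
    (5, 0): (5, 0, 20),
    (5, 1): (5, 1, 13),
    (6, 0): (6, 0, 15),
    (6, 1): (6, 1, 13),
    (7, 0): (7, 0, 8),
}

# major.minor.maintenance with an optional "-hN" hotfix suffix, e.g. "6.1.12-h2".
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")


def classify(sw_version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for one version string."""
    m = _VERSION.match(sw_version.strip())
    if not m:
        return "unparsed"
    release = tuple(int(g) for g in m.groups())
    fixed = FIXED.get(release[:2])
    if fixed is None:
        # The advisory says nothing about this branch; do not guess either way.
        return "not-listed"
    # Assumption: a hotfix build of an affected maintenance release stays affected.
    return "affected" if release < fixed else "fixed"


def triage(inventory):
    """Map {hostname: version} to {status: sorted hostnames}."""
    report = {}
    for host, version in inventory.items():
        report.setdefault(classify(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE = {
    "fw-edge-01": "7.0.7",
    "fw-edge-02": "7.0.8",
    "fw-dc-01": "6.1.12-h2",
    "fw-dc-02": "5.0.20",
    "fw-lab-01": "7.1.4",
    "fw-lab-02": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Devices reported as "not-listed" or "unparsed" need manual review, since the advisory gives no status for branches outside its table.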

Workarounds and Mitigations

This issue is exploitable only by authenticated users of the web interface. Palo Alto Networks recommends implementing best practices: allow management access only from a restricted set of IP addresses, and dedicate management of the device to the management interface only.
