PT-2016-7666 · Palo Alto Networks · Pan-Os

Khalilov Mukhammad · Published 2016-11-17 · Updated 2020-02-17 · CVE-2016-9149

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

PAN-OS versions 5.0.19 and earlier
PAN-OS versions 5.1.12 and earlier
PAN-OS versions 6.0.14 and earlier
PAN-OS versions 6.1.14 and earlier
PAN-OS versions 7.0.10 and earlier
PAN-OS versions 7.1.5 and earlier

Description

The Addresses Object parser in PAN-OS mishandles single quote characters, allowing remote authenticated users to conduct XPath injection attacks via a crafted string. This issue could allow XPath manipulation.

Recommendations

For PAN-OS versions 5.0.19 and earlier, update to version 5.0.20 or later.
For PAN-OS versions 5.1.12 and earlier, update to version 5.1.13 or later.
For PAN-OS versions 6.0.14 and earlier, update to version 6.0.15 or later.
For PAN-OS versions 6.1.14 and earlier, update to version 6.1.15 or later.
For PAN-OS versions 7.0.10 and earlier, update to version 7.0.11 or later.
For PAN-OS versions 7.1.5 and earlier, update to version 7.1.6 or later.

Fix


Weakness Enumeration

Related identifiers

CVE-2016-9149

Affected products

Pan-Os