Palo Alto Networks · PAN-OS · CVE-2015-4162
**Name of the Vulnerable Software and Affected Versions**
PAN-OS versions 5.0.15 and earlier
PAN-OS versions 6.0.7 and earlier
PAN-OS versions 6.1.3 and earlier
**Description**
The management interface is affected by an XML external entity (XXE) vulnerability that allows remote authenticated administrators to obtain sensitive information via crafted XML data. The flaw is in the XML parsing mechanism: a malicious user can inject XML data into the web-based device management front-end and retrieve arbitrary content from the device. The attack requires the user issuing the request to be an authenticated administrator.
**Recommendations**
For PAN-OS versions 5.0.15 and earlier, update to version 5.0.16 or later.
For PAN-OS versions 6.0.7 and earlier, update to version 6.0.8 or later.
For PAN-OS versions 6.1.3 and earlier, update to version 6.1.4 or later.
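The version ranges above can be checked against a device inventory with a short script. This is an added example, not part of the original advisory or any Palo Alto Networks tooling; the hostnames, the inventory format and the handling of a `-hN` hotfix suffix are assumptions made for illustration.

```python
import re

# Last affected and first fixed maintenance release per train, from the advisory.
ADVISORY = {
    (5, 0): (15, 16),
    (6, 0): (7, 8),
    (6, 1): (3, 4),
}

# Assumption: versions look like "6.1.3", optionally with a "-hN" hotfix
# suffix, which is ignored because the advisory lists maintenance releases only.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")


def assess(version):
    """Return (status, fixed_version) for one PAN-OS version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return ("unparsed", None)
    major, minor, maint = map(int, m.groups())
    entry = ADVISORY.get((major, minor))
    if entry is None:
        # The advisory names only three trains; do not guess about others.
        return ("unlisted", None)
    last_affected, first_fixed = entry
    if maint <= last_affected:
        return ("affected", f"{major}.{minor}.{first_fixed}")
    return ("fixed", None)


def audit(inventory):
    """Map hostname -> assessment for a {hostname: version} inventory."""
    return {host: assess(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "fw-edge-01": "5.0.15",
    "fw-edge-02": "5.0.16",
    "fw-dc-01": "6.0.7-h1",
    "fw-dc-02": "6.1.4",
    "fw-lab-01": "7.0.1",
    "fw-lab-02": "unknown",
}

if __name__ == "__main__":
    for host, (status, fix) in sorted(audit(SAMPLE).items()):
        target = f" -> upgrade to {fix} or later" if fix else ""
        print(f"{host}: {status}{target}")
```

Devices reported as `unlisted` or `unparsed` need manual review, since the advisory says nothing about release trains other than 5.0, 6.0 and 6.1.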