PT-2015-6441 · Palo Alto Networks · Pan-Os

Iñaki Rodríguez · Published 2015-05-29 · Updated 2016-11-28 · CVE-2015-4162

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PAN-OS versions 5.0.15 and earlier
PAN-OS versions 6.0.7 and earlier
PAN-OS versions 6.1.3 and earlier

Description

An XML external entity (XXE) vulnerability in the management interface allows remote authenticated administrators to obtain sensitive information via crafted XML data. The flaw is in the XML parsing mechanism: a malicious user can inject crafted XML data into the web-based device management front-end and retrieve arbitrary content from the device. The attack requires the user to be an authenticated administrator issuing the request.

Recommendations

For PAN-OS versions 5.0.15 and earlier, update to version 5.0.16 or later.
For PAN-OS versions 6.0.7 and earlier, update to version 6.0.8 or later.
For PAN-OS versions 6.1.3 and earlier, update to version 6.1.4 or later.

Fix

Related Identifiers

CVE-2015-4162

Affected Products

Pan-Os