PT-2016-7666 · Palo Alto Networks · Pan-Os
Khalilov Mukhammad
·
Published
2016-11-17
·
Updated
2020-02-17
·
CVE-2016-9149
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
PAN-OS versions 5.0.19 and earlier
PAN-OS versions 5.1.12 and earlier
PAN-OS versions 6.0.14 and earlier
PAN-OS versions 6.1.14 and earlier
PAN-OS versions 7.0.10 and earlier
PAN-OS versions 7.1.5 and earlier
Description
The Addresses Object parser in PAN-OS mishandles single quote characters, allowing remote authenticated users to conduct XPath injection attacks via a crafted string. This issue could allow XPath manipulation.
Recommendations
For PAN-OS versions 5.0.19 and earlier, update to version 5.0.20 or later.
For PAN-OS versions 5.1.12 and earlier, update to version 5.1.13 or later.
For PAN-OS versions 6.0.14 and earlier, update to version 6.0.15 or later.
For PAN-OS versions 6.1.14 and earlier, update to version 6.1.15 or later.
For PAN-OS versions 7.0.10 and earlier, update to version 7.0.11 or later.
For PAN-OS versions 7.1.5 and earlier, update to version 7.1.6 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pan-Os