PT-2019-1347 · Palo Alto Networks · Pan-Os
Mina Mohsen Edwar
·
Published
2019-01-23
·
Updated
2020-02-17
·
CVE-2019-1565
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
PAN-OS versions 7.1.21 and earlier
PAN-OS versions 8.0.14 and earlier
PAN-OS versions 8.1.5 and earlier
Description
The issue allows an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML. This is due to insufficient protection of the web page structure. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
Recommendations
For PAN-OS versions 7.1.21 and earlier, update to a version later than 7.1.21 to resolve the issue.
For PAN-OS versions 8.0.14 and earlier, update to a version later than 8.0.14 to resolve the issue.
For PAN-OS versions 8.1.5 and earlier, update to a version later than 8.1.5 to resolve the issue.
As a temporary workaround, consider restricting access to the External Dynamic List configuration to minimize the risk of exploitation.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pan-Os