PT-2019-1348 · Palo Alto Networks · PAN-OS

Published: 2019-01-23 · Updated: 2023-03-01 · CVE-2019-1566

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

PAN-OS versions 7.1.21 and earlier
PAN-OS versions 8.0.14 and earlier
PAN-OS versions 8.1.5 and earlier

Description

The PAN-OS management web interface has a vulnerability due to insufficient protection of the web page structure. Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML code into a loaded web page.

Recommendations

For PAN-OS versions 7.1.21 and earlier, update to a version later than 7.1.21 to resolve the issue.
For PAN-OS versions 8.0.14 and earlier, update to a version later than 8.0.14 to resolve the issue.
For PAN-OS versions 8.1.5 and earlier, update to a version later than 8.1.5 to resolve the issue.

As a temporary workaround, consider restricting access to the management web interface to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2019-00686
CVE-2019-1566

Affected Products

PAN-OS