Palo Alto Networks - Product Advisory Alert
Posted: 14/5 2015
Palo Alto have informed Teneo this week of a Cross-Site Scripting vulnerability in the web-based device management interface.
A cross-site scripting vulnerability exists in the web-based device management interface whereby data provided by the user is echoed back to the user without sanitization. (Ref# 73638)
Affected versions: PAN-OS 6.1.2 and earlier; PAN-OS 6.0.8 and earlier; PAN-OS 5.0.15 and earlier
PAN-OS 6.1.3, PAN-OS 6.0.9, and PAN-OS 5.0.16 address this issue.
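The version ranges above can be checked against a firewall inventory with a short script. The following is an added example, not part of the vendor advisory or Teneo's notice. The hostnames and inventory are constructed, and treating a "-suffix" build (such as a hotfix) as its base maintenance release is an assumption.

```python
import re

# First fixed maintenance release per release train, from the advisory text.
FIXED = {(6, 1): 3, (6, 0): 9, (5, 0): 16}

# major.minor.maintenance, optionally followed by a "-suffix" (assumed format).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-\S+)?$")

def parse_version(text):
    """Return (major, minor, maintenance) as integers; the suffix is ignored."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(version):
    """Classify a version as 'affected', 'fixed' or 'not-listed'."""
    major, minor, maint = parse_version(version)
    fixed_maint = FIXED.get((major, minor))
    if fixed_maint is None:
        # The advisory names only the 6.1, 6.0 and 5.0 trains.
        return "not-listed"
    # Compare numerically: as strings, "5.0.9" would sort after "5.0.16".
    return "affected" if maint < fixed_maint else "fixed"

def triage_inventory(inventory):
    """Map hostname -> (version, status); bad version strings become 'unparsed'."""
    report = {}
    for host, version in inventory.items():
        try:
            status = triage(version)
        except ValueError:
            status = "unparsed"
        report[host] = (version, status)
    return report

# Constructed sample inventory (hypothetical hostnames).
SAMPLE = {
    "fw-edge-01": "6.1.2",
    "fw-edge-02": "6.1.3",
    "fw-dc-01": "6.0.8-h1",
    "fw-branch-01": "5.0.16",
    "fw-lab-01": "5.1.4",
    "fw-old-01": "unknown",
}

if __name__ == "__main__":
    for host, (version, status) in sorted(triage_inventory(SAMPLE).items()):
        print(f"{host:14} {version:10} {status}")
```

Devices reported as "not-listed" or "unparsed" need a manual check against the vendor's advisory, since this notice names only three release trains.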
Workarounds and Mitigations
This issue affects the management interface of the device. Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.
Avi Gimpel, Oded Vanunu, and Liad Mizrachi from Check Point Security Research Team