Palo Alto Networks - Product Advisory Alert
Posted: 14/5 2015
Palo Alto have informed Teneo this week of a Cross-Site Scripting vulnerability in the web-based device management interface.
Summary
A cross-site scripting vulnerability exists in the web-based device management interface whereby data provided by the user is echoed back to the user without sanitization. (Ref# 73638)
Severity: Medium
This issue affects the management interface of the device, where an authenticated administrator may be tricked into injecting malicious JavaScript into the web UI.
Products Affected
PAN-OS 6.1.2 and earlier; PAN-OS 6.0.8 and earlier; PAN-OS 5.0.15 and earlier
Available Updates
PAN-OS 6.1.3, PAN-OS 6.0.9, and PAN-OS 5.0.16 address this issue.
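As an added example (not part of the Palo Alto Networks advisory or Teneo's notice), the following Python script triages a device inventory against the affected and fixed releases listed above. The hostnames and versions in the sample are constructed; ignoring hotfix suffixes and reporting branches the advisory does not name as "unlisted" are assumptions of this example.

```python
import re

# Fixed maintenance release per (major, minor) branch, as listed in the advisory.
FIXED = {(6, 1): 3, (6, 0): 9, (5, 0): 16}

def parse_version(text):
    """Return (major, minor, maintenance) from strings like '6.0.8' or '6.1.2-h1'."""
    # Assumption: a hotfix suffix such as '-h2' is ignored, so hotfix builds of an
    # affected maintenance release are still flagged (the conservative choice).
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:-[A-Za-z0-9.]+)?\s*", text)
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(g) for g in m.groups())

def triage(version):
    """Classify one version string as 'affected', 'fixed' or 'unlisted'."""
    major, minor, maint = parse_version(version)
    fixed_maint = FIXED.get((major, minor))
    if fixed_maint is None:
        # Only the 5.0, 6.0 and 6.1 branches are named; other branches are
        # returned for manual review instead of being guessed at.
        return "unlisted"
    return "affected" if maint < fixed_maint else "fixed"

def triage_inventory(inventory):
    """Map hostname -> status; unparseable versions are reported, not dropped."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = triage(version)
        except ValueError:
            report[host] = "unparseable"
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "fw-edge-01": "6.1.2",
    "fw-edge-02": "6.1.3",
    "fw-dc-01": "6.0.8-h2",
    "fw-dc-02": "5.0.16",
    "fw-lab-01": "7.0.1",
    "fw-lab-02": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE).items()):
        print(f"{host:12} {SAMPLE[host]:10} {status}")
```

Devices reported as "unlisted" or "unparseable" need a manual check against the advisory before they are treated as unaffected.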
Workarounds and Mitigations
This issue affects the management interface of the device. Security appliance management best practices dictate that the management interface be isolated and that access to it be strictly limited to security administration personnel.
Acknowledgements
Avi Gimpel, Oded Vanunu, and Liad Mizrachi from Check Point Security Research Team
Keep up to date with the latest news
We will be keeping up to date with all the latest information and updates, so please get in touch with any questions or concerns at support@teneo.net