CVE-2019-1565

5.4MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Palo Alto Networks Pan-os
Vendor: CVE Published:; 30 January 2019

Summary

The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML.

Affected Version(s)

Palo Alto Networks PAN-OS PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier.

References

http://www.securityfocus.com/bid/106752

vdb-entryx_refsource_BID

https://security.paloaltonetworks.com/CVE-2019-1565

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 30, 2019
Vulnerability Reserved
Dec 6, 2018