Cross-Site Scripting Vulnerability in PAN-OS Management Interface by Palo Alto Networks
CVE-2019-1566

6.1MEDIUM

Key Information:

Vendor
Palo Alto Networks
Status
Palo Alto Networks Pan-os
Vendor
CVE Published:
30 January 2019

Summary

The management web interface of PAN-OS may be exploited by unsanctioned individuals who can inject arbitrary JavaScript or HTML. This specific vulnerability, found in various versions of PAN-OS, poses risks to the security of data and could potentially lead to unauthorized access or data manipulation if exploited. Timely updates and management practices are essential to protect against such vulnerabilities.

Affected Version(s)

Palo Alto Networks PAN-OS PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier.

References

http://www.securityfocus.com/bid/106750
vdb-entryx_refsource_BID
https://security.paloaltonetworks.com/CVE-2019-1566
x_refsource_CONFIRM
https://www.purplemet.com/blog/palo-alto-firewall-multipl...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.