CVE-2015-4162XML External Entity (XXE) Injection in Paloaltonetworks Pan-os

4 documents4 sources
Severity
4.0MEDIUMNVD
EPSS
0.3%
top 45.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Paloaltonetworks Pan-osPaloalto Pan-os
Timeline
PublishedJun 2
Latest updateMay 17

Description

XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-6m7c-f2rj-4c4j: XML external entity (XXE) vulnerability in the management interface in PAN-OS before 52022-05-17
CVEList
CVE-2015-4162: XML external entity (XXE) vulnerability in the management interface in PAN-OS before 52015-06-02

📋Vendor Advisories

1
Palo Alto
XML External Entity (XXE) Vulnerability2015-05-29
CVE-2015-4162 — XML External Entity (XXE) Injection | cvebase