CVE-2015-4162
Published 2015-06-02
Priority: P4 · 18 · medium · 4 (CVSS 2.0)
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS: 1.03% (59.4th percentile)
XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | <= 5.0.15 | — |
| paloaltonetworks | pan-os | — | — |
GHSA
GHSA-6m7c-f2rj-4c4j: XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5
ghsa_unreviewed · 2022-05-17
CVE-2015-4162 [MEDIUM] GHSA-6m7c-f2rj-4c4j: XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5
Palo Alto
XML External Entity (XXE) Vulnerability
vendor_paloalto · 2015-05-29 · CVSS 4.0
CVE-2015-4162 [MEDIUM] XML External Entity (XXE) Vulnerability
An XML parsing vulnerability exists in PAN-OS, allowing a malicious user within PAN-OS to inject malicious XML data into the web-based device management front-end and retrieve arbitrary content from the device. The user must be an authenticated user issuing the request. (Ref #71273)
This issue affects the management interface of the device, where an authenticated administrator injects malicious XML data into the web UI.
This issue affects PAN-OS 5.0.15 and earlier; PAN-OS 6.0.7 and earlier; PAN-OS 6.1.3 and earlier.
Affected products: PAN-OS
Solution: PAN-OS 5.0.16; PAN-OS 6.0.8; PAN-OS 6.1.4
Workaround: This issue affects the management interface of the device. Security appliance management best practices dictate that th
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2015-06-02