CVE-2019-1565
Published 2019-01-30
CVE-2019-1565: The PAN-OS External Dynamic Lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is…
Priority P426 · medium · 5.4 (CVSS 3.0)
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.67% (47.3th percentile)
The PAN-OS External Dynamic Lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | palo_alto_networks_pan-os | — | — |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | <= 7.1.21 | — |
| paloaltonetworks | pan-os | 7.1.22 – 8.0.14 | — |
| paloaltonetworks | pan-os | 8.0.15 – 8.1.5 | — |
CVSS provenance
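| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |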
Palo Alto
Cross-Site Scripting (XSS) in PAN-OS External Dynamic Lists
vendor_paloalto·2019-01-23·CVSS 5.4
CVE-2019-1565 [MEDIUM] CWE-79 Cross-Site Scripting (XSS) in PAN-OS External Dynamic Lists
A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS External Dynamic Lists. (Ref. # PAN-106776; CVE-2019-1565)
Successful exploitation of this issue may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML.
This issue affects PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier.
Affected products: PAN-OS
Solution: PAN-OS 7.1.22 and later, PAN-OS 8.0.15 and later, and PAN-OS 8.1.6 and later.
Workaround: N/A
GHSA
GHSA-mrjc-729g-rfq4: The PAN-OS external dynamics lists in PAN-OS 7
ghsa_unreviewed·2022-05-13
CVE-2019-1565 [MEDIUM] CWE-79 GHSA-mrjc-729g-rfq4: The PAN-OS external dynamics lists in PAN-OS 7
The PAN-OS External Dynamic Lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML.
No detection rules found.
Nuclei
D-Link Routers - Remote Code Execution
nuclei·CVSS 9.8
CVE-2019-16920 [CRITICAL] D-Link Routers - Remote Code Execution
D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565 contain an unauthenticated remote code execution vulnerability. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to command injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these issues also affected DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
Template:
```yaml
id: CVE-2019-16920
info:
  name: D-Link Routers - Remote Code Execution
  author: dwisiswant0
  severity: critical
  description: D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565 contain an unauthenticated remote code execution vulnerabi
```
No writeups or analysis indexed.
Published: 2019-01-30