CVE-2019-1566
Published 2019-01-30
Priority: P4 · 29 · medium · CVSS 3.1: 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.19% (64.1th percentile)
The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | palo_alto_networks_pan-os | — | — |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | >= 7.1.0 < 7.1.22 | 7.1.22 |
| paloaltonetworks | pan-os | >= 8.0.0 < 8.0.15 | 8.0.15 |
| paloaltonetworks | pan-os | >= 8.1.0 < 8.1.6 | 8.1.6 |
CVSS provenance
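| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |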
GHSA
GHSA-cmgf-vp4c-gh93: The PAN-OS management web interface in PAN-OS 7
ghsa_unreviewed·2022-05-13
CVE-2019-1566 [MEDIUM] CWE-79 GHSA-cmgf-vp4c-gh93: The PAN-OS management web interface in PAN-OS 7
The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.
Palo Alto
Cross-Site Scripting (XSS) in PAN-OS Management Web Interface
vendor_paloalto·2019-01-23·CVSS 6.1
CVE-2019-1566 [MEDIUM] CWE-79 Cross-Site Scripting (XSS) in PAN-OS Management Web Interface
A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS Management Web Interface. (Ref. # PAN-107262; CVE-2019-1566)
Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.
This issue affects PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier.
Affected products: PAN-OS
Solution: PAN-OS 7.1.22 and later, PAN-OS 8.0.15 and later, and PAN-OS 8.1.6 and later.
Workaround: This issue affects the web-based management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Our best practices guidelines reduce the exposure of the management interface to potential attackers.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/106750
https://security.paloaltonetworks.com/CVE-2019-1566
https://www.purplemet.com/blog/palo-alto-firewall-multiple-xss-vulnerabilities