Описание
Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
6.8 Medium
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
Связанные уязвимости
Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions.
Уязвимость операционной системы PAN-OS, связанная с неверным ограничением XML-ссылок на внешние объекты, позволяющая нарушителю повысить свои привилегии
EPSS
6.8 Medium
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2