CVE-2016-9149

EUVD-2016-9966
The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
paloaltonetworkspan-os
5.0.0 ≤
𝑥
< 5.0.20
paloaltonetworkspan-os
5.1.0 ≤
𝑥
< 5.1.13
paloaltonetworkspan-os
6.0.0 ≤
𝑥
< 6.0.15
paloaltonetworkspan-os
6.1.0 ≤
𝑥
< 6.1.15
paloaltonetworkspan-os
7.0.0 ≤
𝑥
< 7.0.11
paloaltonetworkspan-os
7.1.0 ≤
𝑥
< 7.1.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/94401
http://www.securitytracker.com/id/1037379
https://security.paloaltonetworks.com/CVE-2016-9149
http://www.securityfocus.com/bid/94401
http://www.securitytracker.com/id/1037379
https://security.paloaltonetworks.com/CVE-2016-9149