Missing XML Validation

CVE-2020-1975

Medium

6.8/10

Summary

Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-112 - Missing XML Validation

The software accepts XML from an untrusted source but does not validate the XML against the proper schema.

References

Advisory Timeline

Published Feb 12, 2020

Missing XML Validation

CVE-2020-1975

Summary

CWE-112 - Missing XML Validation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS