Palo Alto Networks PAN-OS 5.x < 5.0.9 Multiple Vulnerabilities
Medium Nessus Plugin ID 72829
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote host is running a version of Palo Alto Networks PAN-OS 5.x prior to 5.0.9. It is, therefore, affected by multiple vulnerabilities:
- A security bypass vulnerability exists due to a failure to properly enforce RADIUS users' permissions. An authenticated attacker can exploit this to modify shared objects. (Ref# 55287)
- A cross-site request forgery vulnerability exists due to a failure to properly validate HTTP requests to certain file upload forms, including 'import.certificate.php'.
- Multiple HTML injection vulnerabilities exist due to a failure to sanitize user-supplied input to the 'Name', 'Subject', and 'Issuer' fields in imported certificates. An attacker can exploit this to inject arbitrary HTML into the device's web interface.
Solution
Upgrade to PAN-OS version 5.0.9 or later.
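
To apply the version condition above across a firewall inventory, the following added example (not part of the Nessus plugin or any Palo Alto Networks tooling) classifies reported PAN-OS version strings against the 5.0.9 fix. The hostnames, sample versions, and the assumption that a version may carry a trailing suffix such as "-h1" are constructed for illustration.

```python
import re

FIXED = (5, 0, 9)  # first fixed release named in the advisory

# Assumption: versions look like "5.0.8", optionally followed by a suffix such as "-h1".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:[-.].*)?\s*$")


def classify(version):
    """Return 'affected', 'fixed', 'out-of-scope' or 'unparseable'."""
    m = _VERSION_RE.match(version or "")
    if not m:
        return "unparseable"
    parsed = tuple(int(g) for g in m.groups())
    if parsed[0] != 5:
        # The advisory covers the 5.x line only; other branches need their own check.
        return "out-of-scope"
    # Compare numerically: as strings, "5.0.10" would sort before "5.0.9".
    return "affected" if parsed < FIXED else "fixed"


def triage(inventory):
    """Group hostnames by classification; inventory maps hostname -> version string."""
    result = {"affected": [], "fixed": [], "out-of-scope": [], "unparseable": []}
    for host, version in sorted(inventory.items()):
        result[classify(version)].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "fw-edge-01": "5.0.8",
    "fw-edge-02": "5.0.9",
    "fw-core-01": "5.0.10",
    "fw-lab-01": "4.1.16",
    "fw-old-01": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:13} {', '.join(hosts) or '-'}")
```

Hosts reported as "out-of-scope" or "unparseable" are not cleared by this check; they fall outside what this advisory's version condition can decide.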