Palo Alto Networks PAN-OS 4.1.x < 4.1.16 / 5.0.x < 5.0.10 / 5.1.x < 5.1.5 API Key Bypass Flaw
Severity: Low
Nessus Plugin ID: 73138
Synopsis
The remote host is affected by an API key bypass flaw.
Description
The remote host is running a version of Palo Alto Networks PAN-OS prior to 4.1.16 / 5.0.10 / 5.1.5. It is, therefore, affected by an API key bypass flaw which allows a remote attacker to bypass the XML API key for a session that has already been authorized.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to PAN-OS version 4.1.16 / 5.0.10 / 5.1.5 or later.