Last revised: 02/21/2017
A persistent cross-site scripting (XSS) vulnerability exists in the management web interface (ref # PAN-66838 / CVE-2017-5584).
PAN-OS contains a post-authentication vulnerability that may allow a persistent cross-site scripting (XSS) attack against the management web interface. Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML.
Affected versions: PAN-OS 5.1, PAN-OS 6.0, PAN-OS 6.1.15 and earlier, PAN-OS 7.0.12 and earlier, PAN-OS 7.1.7 and earlier
Fixed versions: PAN-OS 6.1.16 and later, PAN-OS 7.0.13 and later, PAN-OS 7.1.8 and later
Palo Alto Networks recommends following best practice by allowing web interface access only from a dedicated management network. Additionally, restrict the set of IP addresses to a subset of authorized sources that you allow to interact with the management network.
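One way to check the source restriction recommended above, as an added example that is not part of the advisory or Palo Alto Networks code: it audits the `permitted-ip` entries of a configuration exported in `set` format. The sample configuration, the addresses, the management network `10.20.0.0/16` and the `/24` width threshold are all assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample in "set" export format (assumed); all addresses are examples.
SAMPLE_CONFIG = """\
set deviceconfig system hostname fw-lab-01
set deviceconfig system permitted-ip 10.20.0.0/24
set deviceconfig system permitted-ip 10.20.1.15
set deviceconfig system permitted-ip 10.20.128.0/17
set deviceconfig system permitted-ip 0.0.0.0/0
set deviceconfig system permitted-ip 192.0.2.0/24
"""

PREFIX = "set deviceconfig system permitted-ip "


def permitted_sources(config_text):
    """Return the networks allowed to reach the management interface."""
    nets = []
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith(PREFIX):
            value = line[len(PREFIX):].split()[0]
            # A bare address such as 10.20.1.15 is treated as a /32.
            nets.append(ipaddress.ip_network(value, strict=False))
    return nets


def audit_permitted_ip(config_text, mgmt_network, min_prefix=24):
    """Return (entry, reason) findings for sources wider than intended."""
    mgmt = ipaddress.ip_network(mgmt_network)
    nets = permitted_sources(config_text)
    if not nets:
        # Assumption: with no list configured, any source address is accepted.
        return [("<none>", "no permitted-ip list: access is not source-restricted")]
    findings = []
    for net in nets:
        # Compare versions first: subnet_of() raises on mixed IPv4/IPv6.
        if net.version != mgmt.version or not net.subnet_of(mgmt):
            findings.append((str(net), "outside the dedicated management network"))
        elif net.prefixlen < min_prefix:
            findings.append((str(net), "broader than /%d" % min_prefix))
    return findings


if __name__ == "__main__":
    for entry, reason in audit_permitted_ip(SAMPLE_CONFIG, "10.20.0.0/16"):
        print(entry, "-", reason)
```
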
Palo Alto Networks would like to thank Mohamed Keffous for reporting this issue to us.