Last revised: 11/17/2016
The Addresses Object parsing function does not properly escape single quotes. (Ref # PAN-55237/92073/CVE-2016-9149)
This post-authentication vulnerability could allow XPath manipulation.
PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.14 and earlier; PAN-OS 7.0.10 and earlier; PAN-OS 7.1.5 and earlier
PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.15 and later; PAN-OS 7.0.11 and later; PAN-OS 7.1.6 and later
Palo Alto Networks would like to thank Khalilov Mukhammad from HelpAG for reporting this issue to us.