CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
49.8%
A cross-site scripting vulnerability exists in the web-based device management interface whereby data provided by the user is echoed back to the user without sanitization. (Ref # 64563). This vulnerability has been assigned CVE-2014-3764.
This issue affects the management interface of the device, where an authenticated administrator may be tricked into injecting malicious javascript into the web UI interface.
This issue affects PAN-OS version 6.0.5 and earlier; 5.1.9 and earlier; 5.0.14 and earlier.
Work around:
This issue affects the management interface of the device. Security appliance management best practices dictate that the management interface be isolated and strictly limited only to security administration personnel.