CVE-2014-3764

Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/61811
https://security.paloaltonetworks.com/CVE-2014-3764

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os:5.1:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:5.1.1:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:5.1.2:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:5.1.3:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:5.1.4:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:5.1.5:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:5.1.6:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:5.1.7:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:5.1.8:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:5.1.9:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:6.0:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:6.0.1:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:6.0.2:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:6.0.3:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:6.0.4:::::::*
	cpe:2.3:o:paloaltonetworks:pan-os:6.0.5:::::::*

History

No history.

Information

Published : 2015-01-06 15:59

Updated : 2024-02-04 18:35

NVD link : CVE-2014-3764

Mitre link : CVE-2014-3764

CVE.ORG link : CVE-2014-3764

JSON object : View

Products Affected

paloaltonetworks

pan-os

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2014-3764", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-01-06T15:59:01.430", "references": [{"url": "http://secunia.com/advisories/61811", "source": "cve@mitre.org"}, {"url": "https://security.paloaltonetworks.com/CVE-2014-3764", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563."}, {"lang": "es", "value": "Vulnerabilidad de XSS en la interfaz de gesti\u00f3n de dispositivos basados en web en Palo Alto Networks PAN-OS anterior a 5.0.15, 5.1.x anterior a 5.1.10, y 6.0.x anterior a 6.0.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Ref ID 64563."}], "lastModified": "2020-02-17T16:15:17.257", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38AA1B62-31F5-435B-B718-339F1CF8D1D1", "versionEndIncluding": "5.0.14"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65F6E18B-8C06-488C-B241-63DBAFDFFC03"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3ABA3C2D-5912-4CDD-A96C-1C7F3E4F854C"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:5.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C181EBAD-EC9C-4721-84D8-2AFF9627B840"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:5.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "970FD0AA-EB42-42D0-99B2-E39C15F96D2D"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:5.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C117576-B11D-4FCE-85AD-FDBAAA2ABEA9"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:5.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEAABE8C-9D3B-486F-B81C-D9A025E8D0AE"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:5.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CF131B8-5395-4D84-BD54-07CE5B0280B7"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:5.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F49206F-EA13-4361-B951-AEF2F097D36B"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:5.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DE41B7B-2214-4724-B20A-6F5F8FEB45D2"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:5.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A9F93F1-CDB5-42AB-BD49-25A50DD95200"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F4DB103-A11A-4C38-A167-F0FCB8F6AA70"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A86F16D-61CA-4681-91CB-F397AC090F87"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "583BC735-6DF1-40CE-880B-F91F233EAE17"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:6.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C43C313-A379-46C2-96B9-F510AA3E40AA"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:6.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D55C68C0-1396-4640-8EBB-39E91347E037"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:6.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7793347E-7D25-4B5E-B958-03DD0E7D94C4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}