Strix
26.1K

CVE-2017-5584

UnknownEPSS 0.84%

Last modified

CVE-2017-5584 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.. EPSS estimates a 0.84% chance of exploitation in the next 30 days.

Description

Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Metrics

EPSS Probability
0.84%

53.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
PaloaltonetworksPan-Os5.1
PaloaltonetworksPan-Os6.0
PaloaltonetworksPan-Os6.0.1
PaloaltonetworksPan-Os6.0.2
PaloaltonetworksPan-Os6.0.3
PaloaltonetworksPan-Os6.0.4
PaloaltonetworksPan-Os6.0.5
PaloaltonetworksPan-Os6.0.6
PaloaltonetworksPan-Os6.0.7
PaloaltonetworksPan-Os6.0.8
PaloaltonetworksPan-Os6.0.9
PaloaltonetworksPan-Os6.0.10
PaloaltonetworksPan-Os6.0.11
PaloaltonetworksPan-Os6.0.12
PaloaltonetworksPan-Os6.1.0
PaloaltonetworksPan-Os6.1.1
PaloaltonetworksPan-Os6.1.2
PaloaltonetworksPan-Os6.1.3
PaloaltonetworksPan-Os6.1.4
PaloaltonetworksPan-Os6.1.5
PaloaltonetworksPan-Os6.1.6
PaloaltonetworksPan-Os6.1.7
PaloaltonetworksPan-Os6.1.8
PaloaltonetworksPan-Os6.1.9
PaloaltonetworksPan-Os6.1.10
PaloaltonetworksPan-Os6.1.11
PaloaltonetworksPan-Os6.1.12
PaloaltonetworksPan-Os6.1.13
PaloaltonetworksPan-Os6.1.14
PaloaltonetworksPan-Os6.1.15
PaloaltonetworksPan-Os7.0.1
PaloaltonetworksPan-Os7.0.2
PaloaltonetworksPan-Os7.0.3
PaloaltonetworksPan-Os7.0.4
PaloaltonetworksPan-Os7.0.5
PaloaltonetworksPan-Os7.0.5-h2
PaloaltonetworksPan-Os7.0.6
PaloaltonetworksPan-Os7.0.7
PaloaltonetworksPan-Os7.0.8
PaloaltonetworksPan-Os7.0.9
PaloaltonetworksPan-Os7.0.10
PaloaltonetworksPan-Os7.0.11
PaloaltonetworksPan-Os7.0.12
PaloaltonetworksPan-Os7.1.0
PaloaltonetworksPan-Os7.1.1
PaloaltonetworksPan-Os7.1.2
PaloaltonetworksPan-Os7.1.3
PaloaltonetworksPan-Os7.1.4
PaloaltonetworksPan-Os7.1.4-h2
PaloaltonetworksPan-Os7.1.5

Showing 50 of 52 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-5584?
Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
How severe is CVE-2017-5584?
Severity scoring for CVE-2017-5584 is pending analysis. The EPSS model estimates a 0.84% probability of exploitation in the next 30 days.
How do I fix CVE-2017-5584?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-5584?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST