PAN-OS: Reflected Cross-Site Scripting (XSS) in Web Interface
CVE-2021-3052
8HIGH
Key Information
- Vendor
- Palo Alto Networks
- Status
- Pan-os
- Vendor
- CVE Published:
- 8 September 2021
Badges
👾 Exploit Exists
Summary
A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.20; PAN-OS 9.0 versions earlier than 9.0.14; PAN-OS 9.1 versions earlier than 9.1.10; PAN-OS 10.0 versions earlier than 10.0.2. This issue does not affect Prisma Access.
Affected Version(s)
PAN-OS >= 10.1.*
PAN-OS < 9.0.14
PAN-OS < 8.1.20
CVSS V3.1
Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
- 👾
Exploit exists.
Risk change from: 5.4 to: 8 - (HIGH)
Initial publication
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Palo Alto Networks thanks Cristian Mocanu and Dan Marin of Deloitte for discovering and reporting this issue.