Palo Alto Networks PAN-OS Software Vulnerable to Cross-Site Scripting Attacks

CVE-2024-0007

6.8MEDIUM

Key Information

Vendor: Palo Alto Networks
Status: Pan-os; Prisma Access; Cloud Ngfw
Vendor: CVE Published:; 14 February 2024

Badges

👾 Exploit Exists

Summary

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator.

Affected Version(s)

PAN-OS < 8.1.24-h1

PAN-OS < 8.1.25

PAN-OS < 9.0.17

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit exists.
Aug 1, 2024
Initial publication
Feb 14, 2024
Vulnerability published.
Feb 14, 2024
Vulnerability Reserved.
Nov 9, 2023

Collectors

NVD DatabaseMitre Database

Credit

Palo Alto Networks thanks an external reporter for discovering and reporting this issue.