Palo Alto Networks PAN-OS Software Vulnerable to Cross-Site Scripting Attacks
CVE-2024-0007

4.8MEDIUM

Key Information:

Vendor
CVE Published:
14 February 2024

Badges

๐Ÿ‘พ Exploit Exists

Summary

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator.

Affected Version(s)

PAN-OS Panorama 8.1 < 8.1.24-h1

PAN-OS Panorama 8.1 < 8.1.25

PAN-OS Panorama 9.0 < 9.0.17

References

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Palo Alto Networks thanks an external reporter for discovering and reporting this issue.
.