Palo Alto Networks PAN-OS Portal Feature Vulnerable to Reflected Cross-Site Scripting Attacks
CVE-2024-0010
6.1 MEDIUM
Key Information
- Vendor: Palo Alto Networks
- Status
- PAN-OS
- Prisma Access
- Cloud NGFW
- Vendor
- CVE Published: 14 February 2024
Badges
👾 Exploit Exists
Summary
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
Affected Version(s)
PAN-OS < 9.0.17-h4
PAN-OS < 9.1.17
PAN-OS < 10.1.11-h1
References
CVSS V3.1
- Score: 6.1
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: None
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Timeline
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
Collectors
NVD Database, Mitre Database
Credit
Palo Alto Networks thanks Michał Majchrowicz and Livio Victoriano from Afine Team for discovering and reporting this issue.