Palo Alto Networks PAN-OS Software Vulnerable to Cross-Site Scripting Attacks
CVE-2024-5920
Currently unrated 🤨
Key Information
- Vendor
- Palo Alto Networks
- Status
- Cloud Ngfw
- Pan-os
- Prisma Access
- Vendor
- CVE Published:
- 14 November 2024
Badges
👾 Exploit Exists
Summary
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser.
Affected Version(s)
Cloud NGFW >= All
PAN-OS >= 11.2.0
PAN-OS < 11.1.4
Refferences
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
Kajetan Rostojek