Palo Alto Networks Security Advisories / CVE-2021-3052

CVE-2021-3052 PAN-OS: Reflected Cross-Site Scripting (XSS) in Web Interface

Severity: HIGH (CVSSv3.1 base score 8.0)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Description

A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated network-based attacker to trick another authenticated PAN-OS administrator into clicking a specially crafted link that performs arbitrary actions in the PAN-OS web interface with the privileges of the targeted administrator. The attacker must already hold a PAN-OS web interface account (PR:L) and the victim must open the link (UI:R); the injected script then runs in the victim's browser session against the firewall's web interface.
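To make the mechanism concrete, here is an added illustration of the reflected XSS pattern the advisory classifies as CWE-79. It is generic example code written for this page, not PAN-OS code, and it does not reproduce the PAN-OS defect: the page layout, the `msg` parameter, the `/hypothetical/...` paths and the payloads are all constructed. It shows the crafted link an attacker would send, a handler that reflects the parameter verbatim, the same handler with output encoding applied, and a parser-based check that reports whether the returned HTML contains anything a browser would execute.

```python
from __future__ import annotations

from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, quote, urlsplit

# Constructed payloads in the spirit of the "specially crafted link" in the
# advisory: script placed in a reflected parameter runs as the victim admin.
# The fetched path is hypothetical and stands in for any privileged action.
PAYLOADS = [
    '<script>fetch("/hypothetical/admin/action", {credentials: "include"})</script>',
    '<img src=x onerror="alert(document.cookie)">',
]


def crafted_link(base_url: str, payload: str) -> str:
    """Build the link the attacker sends: the payload URL-encoded into 'msg'."""
    return f"{base_url}?msg={quote(payload, safe='')}"


def _reflected_param(query_string: str) -> str:
    return parse_qs(query_string).get("msg", [""])[0]


def vulnerable_view(query_string: str) -> str:
    """Reflects the 'msg' parameter verbatim into the page body (CWE-79)."""
    msg = _reflected_param(query_string)
    return f"<html><body><p>Error: {msg}</p></body></html>"


def hardened_view(query_string: str) -> str:
    """Same page, but the parameter is HTML-entity encoded before reflection,
    so the browser parses it as text rather than markup."""
    msg = _reflected_param(query_string)
    return f"<html><body><p>Error: {escape(msg, quote=True)}</p></body></html>"


class ActiveContentDetector(HTMLParser):
    """Records script elements, on* event-handler attributes and javascript:
    URLs that the HTML parser actually sees, i.e. content a browser would run.
    Entity-encoded text never produces a start tag, so it is not reported."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[str] = []

    def handle_starttag(self, tag: str, attrs: list[tuple[str, str | None]]) -> None:
        if tag == "script":
            self.findings.append("script element")
        for name, value in attrs:  # parser already lower-cases tag and attr names
            if name.startswith("on"):
                self.findings.append(f"{tag} {name} handler")
            elif name in ("href", "src") and value and value.strip().lower().startswith("javascript:"):
                self.findings.append(f"{tag} {name} javascript: URL")


def active_content(body: str) -> list[str]:
    """Parse a response body and list any executable content found."""
    detector = ActiveContentDetector()
    detector.feed(body)
    detector.close()
    return detector.findings


def demo(base_url: str = "https://firewall.example/hypothetical/page") -> dict[str, list[str]]:
    """Run every payload through both views; returns findings per view."""
    results: dict[str, list[str]] = {"vulnerable": [], "hardened": []}
    for payload in PAYLOADS:
        # urlsplit(...).query is what the victim's browser sends after the click
        qs = urlsplit(crafted_link(base_url, payload)).query
        results["vulnerable"] += active_content(vulnerable_view(qs))
        results["hardened"] += active_content(hardened_view(qs))
    return results


if __name__ == "__main__":
    for view, findings in demo().items():
        print(f"{view}: {findings or 'no active content'}")
```

The detector deliberately inspects the parsed tag stream rather than grepping the body for `<script`: the hardened response still contains the literal text `&lt;script&gt;`, which a string match would flag, but no element the browser would execute. Output encoding is the fix for the defect class; a Content-Security-Policy on the web interface is a useful second layer but does not replace it.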

This issue impacts:

PAN-OS 8.1 versions earlier than 8.1.20;

PAN-OS 9.0 versions earlier than 9.0.14;

PAN-OS 9.1 versions earlier than 9.1.10;

PAN-OS 10.0 versions earlier than 10.0.2.

This issue does not affect Prisma Access.

Product Status

Version        Affected    Unaffected
PAN-OS 10.1    None        10.1.*
PAN-OS 10.0    < 10.0.2    >= 10.0.2
PAN-OS 9.1     < 9.1.10    >= 9.1.10
PAN-OS 9.0     < 9.0.14    >= 9.0.14
PAN-OS 8.1     < 8.1.20    >= 8.1.20
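The affected-version list and the Product Status table above encode the same per-branch rule: a firewall is affected if it runs a listed branch below that branch's first fixed maintenance release. Checking an inventory by hand is error-prone once hotfix builds (9.1.9-h3 and the like) are involved, so here is an added Python helper, written for this page and not provided by Palo Alto Networks, that parses PAN-OS version strings and classifies each one against the ranges in this advisory. The inventory it runs on is constructed; the hotfix-ordering rule (a hotfix of an earlier maintenance release does not contain the fix) and the treatment of branches newer than 10.1 as fixed follow the Solution section's "and all later PAN-OS versions".

```python
from __future__ import annotations

# First fixed maintenance release per branch, copied from the Product Status
# table. None means the whole branch is unaffected (10.1.* ships fixed).
FIXED_VERSIONS: dict[tuple[int, int], tuple[int, int, int] | None] = {
    (8, 1): (8, 1, 20),
    (9, 0): (9, 0, 14),
    (9, 1): (9, 1, 10),
    (10, 0): (10, 0, 2),
    (10, 1): None,
}
NEWEST_LISTED_BRANCH = (10, 1)


def parse_version(text: str) -> tuple[int, int, int, int]:
    """Parse '9.1.9', '9.1.9-h3' or '10.0.2' into (major, minor, maintenance, hotfix).

    Hotfix defaults to 0, so 9.1.9-h3 < 9.1.10 < 9.1.10-h1. Anything else
    (missing components, unknown suffixes) is rejected rather than guessed.
    """
    base, sep, hotfix = text.strip().partition("-h")
    parts = base.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    if sep and not hotfix.isdigit():
        raise ValueError(f"unrecognised hotfix suffix: {text!r}")
    major, minor, maint = (int(p) for p in parts)
    return (major, minor, maint, int(hotfix) if sep else 0)


def assess(version: str) -> str:
    """Classify one PAN-OS version against CVE-2021-3052.

    Returns 'affected', 'fixed', 'unaffected' (branch never affected) or
    'not listed' (a branch the advisory does not mention, e.g. 7.1).
    """
    v = parse_version(version)
    branch = v[:2]
    if branch not in FIXED_VERSIONS:
        # "and all later PAN-OS versions" in the Solution section
        return "fixed" if branch > NEWEST_LISTED_BRANCH else "not listed"
    fixed = FIXED_VERSIONS[branch]
    if fixed is None:
        return "unaffected"
    # A hotfix of an earlier maintenance release (e.g. 10.0.1-h2) is still
    # affected: the first fixed build is the base maintenance release itself.
    return "fixed" if v >= fixed + (0,) else "affected"


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map hostname -> status for an inventory of {hostname: PAN-OS version}."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory, not real devices.
    sample = {
        "fw-edge-01": "9.1.9-h3",
        "fw-edge-02": "9.1.10",
        "fw-dc-01": "10.0.1-h2",
        "fw-dc-02": "10.1.0",
        "fw-lab-01": "8.1.19",
    }
    for host, status in triage(sample).items():
        print(f"{host:12} {sample[host]:10} {status}")
```

Feed it the version column exported from Panorama or from `show system info` on each device; anything reported as `affected` needs the upgrade in the Solution section, and `not listed` means the advisory gives no verdict for that branch, so do not read it as safe.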

Severity: HIGH

CVSSv3.1 Base Score: 8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

Exploitation Status

Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.

Weakness Type

CWE-79 Cross-site Scripting (XSS)

Solution

This issue is fixed in PAN-OS 8.1.20, PAN-OS 9.0.14, PAN-OS 9.1.10, PAN-OS 10.0.2, PAN-OS 10.1.0, and all later PAN-OS versions.

Workarounds and Mitigations

Enable signatures for Unique Threat IDs 91573, 91574, 91575, 91576 on traffic destined for the web interface to block attacks against CVE-2021-3052.

This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.

Acknowledgments

Palo Alto Networks thanks Cristian Mocanu and Dan Marin of Deloitte for discovering and reporting this issue.

Timeline

Added threat prevention workaround for the vulnerability
Initial publication
© 2020 Palo Alto Networks, Inc. All rights reserved.