Palo Alto Networks Security Advisories / CVE-2024-0007

CVE-2024-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface

Urgency MODERATE

047910
Severity 6.3 · MEDIUM
Response Effort MODERATE
Recovery USER
Value Density DIFFUSE
Attack Vector NETWORK
Attack Complexity LOW
Attack Requirements NONE
Automatable NO
User Interaction PASSIVE
Product Confidentiality LOW
Product Integrity LOW
Product Availability LOW
Privileges Required HIGH
Subsequent Confidentiality HIGH
Subsequent Integrity HIGH
Subsequent Availability HIGH

Description

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator.

Product Status

VersionsAffectedUnaffected
Cloud NGFW NoneAll
PAN-OS 11.1NoneAll on Panorama
PAN-OS 11.0NoneAll on Panorama
PAN-OS 10.2NoneAll on Panorama
PAN-OS 10.1< 10.1.6 on Panorama>= 10.1.6 on Panorama
PAN-OS 10.0< 10.0.11 on Panorama>= 10.0.11 on Panorama
PAN-OS 9.1< 9.1.16 on Panorama>= 9.1.16 on Panorama
PAN-OS 9.0< 9.0.17 on Panorama>= 9.0.17 on Panorama
PAN-OS 8.1< 8.1.24-h1 on Panorama, < 8.1.25 on Panorama>= 8.1.24-h1 on Panorama, >= 8.1.25 on Panorama
Prisma Access NoneAll

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-B: 6.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Solution

This issue is fixed on Panorama in PAN-OS 8.1.24-h1, PAN-OS 9.0.17, PAN-OS 9.1.16, PAN-OS 10.0.11, PAN-OS 10.1.6, and all later PAN-OS versions.

Workarounds and Mitigations

This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.

Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94996 (Applications and Threats content update 8810).

Acknowledgments

Palo Alto Networks thanks an external reporter for discovering and reporting this issue.

Timeline

Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.