CVE-2024-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal
Description
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of a user’s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Cloud NGFW | None | All |
| PAN-OS 11.1 | None | All |
| PAN-OS 11.0 | None | All |
| PAN-OS 10.2 | None | All |
| PAN-OS 10.1 | < 10.1.11-h1, < 10.1.12 | >= 10.1.11-h1, >= 10.1.12 |
| PAN-OS 9.1 | < 9.1.17 | >= 9.1.17 |
| PAN-OS 9.0 | < 9.0.17-h4 | >= 9.0.17-h4 |
| Prisma Access | None | All |
Required Configuration for Exposure
This issue is applicable only to PAN-OS firewall configurations with a GlobalProtect portal enabled. You can verify whether you have a GlobalProtect portal configured by checking for entries in your firewall web interface (Network > GlobalProtect > Portals).
Severity: MEDIUM
CVSSv4.0 Base Score: 5.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Green)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Solution
This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11-h1, PAN-OS 10.1.12, and all later PAN-OS versions.
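As an added example that is not part of this advisory, the following Python script turns the Product Status table and the Solution section above into a repeatable inventory check: it parses PAN-OS version strings including the `-hN` hotfix suffix, compares them against the fixed thresholds per release train, and applies the Required Configuration condition (a GlobalProtect portal must be enabled for the issue to be reachable). The inventory, hostnames and the helper names `assess` and `triage` are constructed for the illustration; the version thresholds are the ones stated in the advisory.

```python
import re
from typing import Dict, List, NamedTuple, Optional


class PanosVersion(NamedTuple):
    """PAN-OS version as an ordered tuple: 10.1.11-h1 -> (10, 1, 11, 1)."""
    major: int
    minor: int
    maint: int
    hotfix: int  # 0 when no -hN suffix is present


# Matches "9.0.17", "10.1.11-h1" and similar; case-insensitive on the "h".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$", re.IGNORECASE)


def parse_version(text: str) -> PanosVersion:
    """Parse a PAN-OS version string; raise ValueError on anything else."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"not a PAN-OS version string: {text!r}")
    major, minor, maint, hotfix = match.groups()
    return PanosVersion(int(major), int(minor), int(maint), int(hotfix or 0))


# First fixed release per affected train, taken from the advisory's Solution
# section. Trains not listed here (10.2, 11.0, 11.1) are unaffected per the
# Product Status table, so the lookup below treats them as not vulnerable.
FIXED_IN: Dict[tuple, PanosVersion] = {
    (9, 0): parse_version("9.0.17-h4"),
    (9, 1): parse_version("9.1.17"),
    (10, 1): parse_version("10.1.11-h1"),
}


def is_vulnerable_version(version: str) -> bool:
    """True if the running PAN-OS version predates the fix for its train."""
    running = parse_version(version)
    fixed: Optional[PanosVersion] = FIXED_IN.get((running.major, running.minor))
    if fixed is None:
        return False  # train not affected at all
    # Tuple ordering handles the hotfix suffix: 10.1.11 < 10.1.11-h1 < 10.1.12.
    return running < fixed


def assess(version: str, portal_enabled: bool) -> str:
    """Classify one firewall (helper name is an assumption for this example).

    Returns one of:
      'unaffected'             - code is fixed or train not affected
      'vulnerable-not-exposed' - vulnerable code, but no GlobalProtect portal
      'exposed'                - vulnerable code and a portal is enabled
    """
    if not is_vulnerable_version(version):
        return "unaffected"
    return "exposed" if portal_enabled else "vulnerable-not-exposed"


# Constructed sample inventory; hostnames and versions are not real devices.
INVENTORY: List[dict] = [
    {"host": "fw-edge-01", "version": "10.1.10", "portal": True},
    {"host": "fw-edge-02", "version": "10.1.11-h1", "portal": True},
    {"host": "fw-dc-01", "version": "9.0.17-h3", "portal": False},
    {"host": "fw-dc-02", "version": "9.1.17", "portal": True},
    {"host": "fw-branch-07", "version": "11.1.0", "portal": True},
]


def triage(inventory: List[dict]) -> Dict[str, str]:
    """Map each hostname to its assessment so exposed devices can be patched first."""
    return {dev["host"]: assess(dev["version"], dev["portal"]) for dev in inventory}


if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items(), key=lambda kv: kv[1]):
        print(f"{host:<14} {status}")
```

The 'vulnerable-not-exposed' status is kept separate from 'unaffected' on purpose: a device without a portal is outside the Required Configuration for Exposure today, but enabling a portal later would make it exposed, so it still belongs on the upgrade list.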
Workarounds and Mitigations
Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94972 (Applications and Threats content update 8810).