CVE-2024-0010

Common Vulnerabilities and Exposures

Last Post by Ivan Lon 2 weeks ago

1 Posts

1 Users

0 Likes

22 Views

RSS

Ivan Lon

(@ivan)

Posts: 47

Eminent Member

Topic starter

Description

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.

References

Required Configuration for Exposure

This issue is applicable only to PAN-OS firewall configurations with a GlobalProtect portal enabled. You can verify whether you have a GlobalProtect portal configured by checking for entries in your firewall web interface (Network > GlobalProtect > Portals).

Severity: MEDIUM

Solution

This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11-h1, PAN-OS 10.1.12, and all later PAN-OS versions.

Posted : 07/05/2024 6:14 pm

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed