Description
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
References
- MISC: https://security.paloaltonetworks.com/CVE-2024-0010
Required Configuration for Exposure
This issue is applicable only to PAN-OS firewall configurations with a GlobalProtect portal enabled. You can verify whether you have a GlobalProtect portal configured by checking for entries in your firewall web interface (Network > GlobalProtect > Portals).
Severity: MEDIUM
Solution
This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11-h1, PAN-OS 10.1.12, and all later PAN-OS versions.
Posted : 07/05/2024 6:14 pm
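The fixed-version list in the Solution section has to be read per release branch: 9.1.0 sorts after 9.0.17-h4 but still predates the 9.1 fix. The following is an added example, not code from the post or from Palo Alto Networks, that classifies version strings against that list. It assumes versions are written as `A.B.C` or `A.B.C-hN`, and reports branches the post does not mention as unknown.

```python
import re

# Fixed releases as listed in the post, keyed by (major, minor) branch.
# Each value is the earliest fixed (maintenance, hotfix) on that branch.
FIXED = {
    (9, 0): (17, 4),    # 9.0.17-h4
    (9, 1): (17, 0),    # 9.1.17
    (10, 1): (11, 1),   # 10.1.11-h1 (10.1.12 is later on the same branch)
}
NEWEST_LISTED_BRANCH = max(FIXED)

# Assumed version format: A.B.C with an optional -hN hotfix suffix.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse(version):
    """Split 'A.B.C' or 'A.B.C-hN' into (branch, (maintenance, hotfix))."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint = int(m[1]), int(m[2]), int(m[3])
    hotfix = int(m[4]) if m[4] else 0
    return (major, minor), (maint, hotfix)


def status(version):
    """Return 'fixed', 'not fixed' or 'unknown' for one version string."""
    branch, build = parse(version)
    if branch in FIXED:
        return "fixed" if build >= FIXED[branch] else "not fixed"
    if branch > NEWEST_LISTED_BRANCH:
        return "fixed"    # covered by "all later PAN-OS versions"
    return "unknown"      # branch not mentioned in the post


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are sample values.
    inventory = [("fw-edge-01", "9.1.16-h5"), ("fw-edge-02", "10.1.11-h1"),
                 ("fw-lab-01", "10.0.12"), ("fw-dc-01", "9.0.17")]
    for host, ver in inventory:
        print(f"{host:12} {ver:12} {status(ver)}")
```

Only firewalls with a GlobalProtect portal configured are exposed, so a "not fixed" result matters for those devices.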