Topic starter
Description:-
A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
References
- MISC: https://security.paloaltonetworks.com/CVE-2024-0011
- URL: https://security.paloaltonetworks.com/CVE-2024-0011
Â
Required Configuration for Exposure
This issue is applicable only to firewalls that are configured to use Captive Portal authentication. You can verify whether you have Captive Portal configured in the Captive Portal Settings page (Device > User Identification > Captive Portal Settings).
Solution
This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.13, PAN-OS 10.0.11, PAN-OS 10.1.3, and all later PAN-OS versions.
Â
Posted : 07/05/2024 7:29 pm
