April 4, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – North Korean APT Kimsuky Aka Black Banshee – Active IOCs
February 29, 2024Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC iQ-F Vulnerability
February 29, 2024Rewterz Threat Alert – North Korean APT Kimsuky Aka Black Banshee – Active IOCs
February 29, 2024Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC iQ-F Vulnerability
February 29, 2024
Severity
Medium
Analysis Summary
CVE-2024-0007 CVSS:6.8
Palo Alto Networks PAN-OS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web interface on Panorama appliances. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2024-0008 CVSS:6.6
Palo Alto Networks PAN-OS could allow a physical attacker to hijack a user’s session, caused by a flaw in the management interface. An attacker could exploit this vulnerability to gain access to other users’ session.
CVE-2024-0009 CVSS:6.3
Palo Alto Networks PAN-OS could allow a remote authenticated attacker to bypass security restrictions, caused by improper verification in the GlobalProtect gateway feature. By using stolen credentials, an attacker could exploit this vulnerability to establish a VPN connection from an unauthorized IP address.
CVE-2024-0010 CVSS:4.3
Palo Alto Networks PAN-OS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the GlobalProtect portal feature. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2024-0011 CVSS:4.3
Palo Alto Networks PAN-OS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Captive Portal feature. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Impact
- Security Bypass
- Cross-Site Scripting
Indicators Of Compromise
CVE
- CVE-2024-0007
- CVE-2024-0008
- CVE-2024-0009
- CVE-2024-0010
- CVE-2024-0011
Affected Vendors
Palo Alto
Affected Products
- Palo Alto Networks PAN-OS 9.0.0
- Palo Alto Networks PAN-OS 9.1.0
- Palo Alto Networks PAN-OS 10.2.3
- Palo Alto Networks PAN-OS 11.0.0
Remediation
Refer to Palo Alto Networks Security Advisory for patch, upgrade or suggested workaround information.