Request a Demo
Rewterz
Rewterz Threat Alert – North Korean APT Kimsuky Aka Black Banshee – Active IOCs
February 29, 2024
Rewterz
Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC iQ-F Vulnerability
February 29, 2024

Rewterz Threat Advisory – Multiple Palo Alto Networks PAN-OS Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-0007 CVSS:6.8

Palo Alto Networks PAN-OS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web interface on Panorama appliances. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2024-0008 CVSS:6.6

Palo Alto Networks PAN-OS could allow a physical attacker to hijack a user’s session, caused by a flaw in the management interface. An attacker could exploit this vulnerability to gain access to other users’ session.

CVE-2024-0009 CVSS:6.3

Palo Alto Networks PAN-OS could allow a remote authenticated attacker to bypass security restrictions, caused by improper verification in the GlobalProtect gateway feature. By using stolen credentials, an attacker could exploit this vulnerability to establish a VPN connection from an unauthorized IP address.

CVE-2024-0010 CVSS:4.3

Palo Alto Networks PAN-OS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the GlobalProtect portal feature. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2024-0011 CVSS:4.3

Palo Alto Networks PAN-OS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Captive Portal feature. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Impact

  • Security Bypass
  • Cross-Site Scripting

Indicators Of Compromise

CVE

  • CVE-2024-0007
  • CVE-2024-0008
  • CVE-2024-0009
  • CVE-2024-0010
  • CVE-2024-0011

Affected Vendors

Palo Alto

Affected Products

  • Palo Alto Networks PAN-OS 9.0.0
  • Palo Alto Networks PAN-OS 9.1.0
  • Palo Alto Networks PAN-OS 10.2.3
  • Palo Alto Networks PAN-OS 11.0.0

Remediation

Refer to Palo Alto Networks Security Advisory for patch, upgrade or suggested workaround information.

CVE-2024-0007

CVE-2024-0008

CVE-2024-0009

CVE-2024-0010

CVE-2024-0011