Lucene search

Palo_altoCVELIST:CVE-2024-0010

HistoryFeb 14, 2024 - 5:32 p.m.

CVE-2024-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal

2024-02-1417:32:28

CWE-79

palo_alto

www.cve.org

cve-2024-0010

pan-os

cross-site scripting

globalprotect

portal

palo alto networks

software

javascript

phishing

credential theft

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PAN-OS",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "changes": [
          {
            "at": "9.0.17-h4",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.0.17-h4",
        "status": "affected",
        "version": "9.0",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "9.1.17",
            "status": "unaffected"
          }
        ],
        "lessThan": "9.1.17",
        "status": "affected",
        "version": "9.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "10.1.11-h1",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.1.11-h1",
        "status": "affected",
        "version": "10.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "10.1.12",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.1.12",
        "status": "affected",
        "version": "10.1",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "11.0.1",
            "status": "unaffected"
          }
        ],
        "lessThan": "11.0.1",
        "status": "unaffected",
        "version": "10.2",
        "versionType": "custom"
      },
      {
        "changes": [
          {
            "at": "10.1.10-h1",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.1.10-h1",
        "status": "unaffected",
        "version": "11.0",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "11.1"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Prisma Access",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Cloud NGFW",
    "vendor": "Palo Alto Networks",
    "versions": [
      {
        "status": "unaffected",
        "version": "All"
      }
    ]
  }
]

References

security.paloaltonetworks.com/CVE-2024-0010

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-0010