CVE-2023-6790

Published Dec 13, 2023

Last updated a year ago

CVSS medium 6.1

Overview

Description: A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface.
Source: psirt@paloaltonetworks.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79
psirt@paloaltonetworks.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C73941F-EBEE-4A03-94A4-B4C7C96E4963",
            "versionEndExcluding": "8.1.25",
            "versionStartIncluding": "8.1.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89A55C5F-8E01-42C4-BE93-D683900C07BE",
            "versionEndExcluding": "9.0.17",
            "versionStartIncluding": "9.0.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56181B13-327B-4249-A7E8-246B2420CEFC",
            "versionEndExcluding": "9.1.16",
            "versionStartIncluding": "9.1.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71F1F86A-8158-4BE8-B509-5F50421DA829",
            "versionEndExcluding": "10.0.12",
            "versionStartIncluding": "10.0.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18EE46C0-B863-4AE4-833C-05030D8AD1AF",
            "versionEndExcluding": "10.1.9",
            "versionStartIncluding": "10.1.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D61F01F8-1598-4078-9D98-BFF5B62F3BA5",
            "versionEndExcluding": "10.2.4",
            "versionStartIncluding": "10.2.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F3693A5-182E-4723-BE2A-062D0C9E736C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References