CVE-2024-0010

Published Feb 14, 2024

Last updated 2 months ago

CVSS medium 4.3

Overview

Description: A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.
Source: psirt@paloaltonetworks.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

psirt@paloaltonetworks.com: CWE-79
nvd@nist.gov: CWE-79

Hype score: Not currently trending

🟠 Palo Alto Networks PAN-#OS: Reflected Cross-Site Scripting (XSS) Vulnerability (#CVE-2024-0010) - MEDIUM https://t.co/wEXRYP0CJn
@dailycve
9 Dec 2024
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77695C8C-9732-4605-A160-A5159BD8B49C",
            "versionEndExcluding": "10.1.11",
            "versionStartIncluding": "10.1.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6242E26-AF44-4A19-ADD3-CBB798A862D1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F9FFBA6-7008-422B-9CF1-E37CA62081EB",
            "versionEndExcluding": "9.1.17",
            "versionStartIncluding": "9.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89A55C5F-8E01-42C4-BE93-D683900C07BE",
            "versionEndExcluding": "9.0.17",
            "versionStartIncluding": "9.0.0"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDAE9753-EF8D-4B15-A73C-0EF56FE6C78C"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A142EE1-E516-4582-9A7E-6E4C74FB3991"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5921D6F7-4C59-4DF1-B5DD-5CCA660B2EAF"
          },
          {
            "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:9.0.17:h3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACF6B9D6-0C48-48FD-8B5A-D0612B660212"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References