First published: Wed Nov 13 2024(Updated: )
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser.
Credit: psirt@paloaltonetworks.com
Affected Software | Affected Version | How to fix |
---|---|---|
Palo Alto Networks Cloud NGFW | ||
Palo Alto Networks PAN-OS | <11.1.4=11.1.0<11.0.6=11.0.0<10.2.11=10.2.0<10.1.14=10.1.0 | 11.1.4 11.0.6 10.2.11 10.1.14 |
Palo Alto Networks Prisma Access |
This issue is fixed in PAN-OS 10.1.14, PAN-OS 10.2.11, PAN-OS 11.0.6, PAN-OS 11.1.4, and all later PAN-OS versions.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.