CVE-2018-10139

Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS versions 6.1.21 and earlier Palo Alto Networks PAN-OS versions 7.1.18 and earlier Palo Alto Networks PAN-OS versions 8.0.11 and earlier

Description The issue is caused by insufficient protection of the web page structure, allowing an unauthenticated attacker to inject arbitrary JavaScript or HTML. This can be exploited by a remote attacker. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions 6.1.21 and earlier, update to a version later than 6.1.21. For versions 7.1.18 and earlier, update to a version later than 7.1.18. For versions 8.0.11 and earlier, update to a version later than 8.0.11. As a temporary workaround, consider restricting access to the GlobalProtect Gateway to minimize the risk of exploitation.