PT-2021-18769 · Palo Alto Networks · Pan-Os
Cristian Mocanu
+1
·
Published
2021-09-08
·
Updated
2021-09-15
·
CVE-2021-3052
CVSS v3.1
8.0
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PAN-OS versions earlier than 8.1.20
PAN-OS versions earlier than 9.0.14
PAN-OS versions earlier than 9.1.10
PAN-OS versions earlier than 10.0.2
Description
A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator.
Recommendations
For PAN-OS 8.1 versions earlier than 8.1.20, update to version 8.1.20 or later.
For PAN-OS 9.0 versions earlier than 9.0.14, update to version 9.0.14 or later.
For PAN-OS 9.1 versions earlier than 9.1.10, update to version 9.1.10 or later.
For PAN-OS 10.0 versions earlier than 10.0.2, update to version 10.0.2 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pan-Os