CVE-2023-6789

Description

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Affected products

Palo Alto Networks / Cloud NGFWAll – All
Palo Alto Networks / pan-os9.0 – 9.0.17-h4
Palo Alto Networks / pan-os9.1 – 9.1.17
Palo Alto Networks / pan-os10.0 – All
Palo Alto Networks / pan-os10.1 – 10.1.11
Palo Alto Networks / pan-os8.1 – 8.1.26
Palo Alto Networks / pan-os11.0 – 11.0.2
Palo Alto Networks / pan-os11.1 – All
Palo Alto Networks / pan-os10.2 – 10.2.5
Palo Alto Networks / Prisma AccessAll – All

References

MISChttps://security.paloaltonetworks.com/CVE-2023-6789