CVE-2023-6789: 
PAN-OS vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability was discovered in Palo Alto Networks PAN-OS software, identified as CVE-2023-6789. The vulnerability was disclosed on December 13, 2023, affecting multiple versions of PAN-OS including versions 8.1, 9.0, 9.1, 10.1, 10.2, and 11.0. The vulnerability received a CVSS v3.1 base score of 4.8 (MEDIUM) (Palo Alto Advisory).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. When this payload is viewed by another properly authenticated administrator, the JavaScript executes and disguises all associated actions as being performed by the unsuspecting authenticated administrator. The vulnerability has been assigned a CVSS v3.1 vector string of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (NVD).

The successful exploitation of this vulnerability could allow attackers to execute JavaScript code in the context of other administrators' sessions, potentially leading to unauthorized actions being performed under the identity of legitimate administrators. The impact is considered medium severity due to the high privilege requirement and the need for user interaction (Palo Alto Advisory).

The vulnerability has been fixed in PAN-OS versions 8.1.26, 9.0.17-h4, 9.1.17, 10.1.11, 10.2.5, 11.0.2, and all later PAN-OS versions. As a mitigation measure, organizations can follow the Best Practices for Securing Administrative Access in the PAN-OS technical documentation. The issue requires authenticated access to the PAN-OS web interface, so implementing proper access controls can help mitigate the risk (Palo Alto Advisory).