CVE-2024-0007: 
PAN-OS vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability (CVE-2024-0007) was identified in Palo Alto Networks PAN-OS software, specifically affecting the web interface on Panorama appliances. The vulnerability enables a malicious authenticated read-write administrator to store a JavaScript payload, which can be used to impersonate another authenticated administrator (Palo Alto Advisory).

The vulnerability is classified as a stored XSS issue (CWE-79: Improper Neutralization of Input During Web Page Generation). It received a CVSS v3.1 base score of 4.8 (MEDIUM) from NIST with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, while Palo Alto Networks assessed it at 6.8 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H (NVD, Palo Alto Advisory).

The vulnerability allows an authenticated administrator with read-write privileges to store malicious JavaScript code that can be used to impersonate other authenticated administrators on the system. This could lead to unauthorized actions being performed under the context of the impersonated administrator (Palo Alto Advisory).

The vulnerability has been fixed in PAN-OS versions 8.1.24-h1, 9.0.17, 9.1.16, 10.0.11, 10.1.6, and all later versions. Organizations can mitigate the impact by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation. Additionally, customers with a Threat Prevention subscription can block attacks by enabling Threat ID 94996 (Applications and Threats content update 8810) (Palo Alto Advisory).