CVE-2024-0010: 
PAN-OS vulnerability analysis and mitigation

A reflected cross-site scripting (XSS) vulnerability (CVE-2024-0010) was discovered in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software. The vulnerability was disclosed on February 14, 2024, affecting specific versions of PAN-OS including versions prior to 9.0.17-h4, 9.1.17, 10.1.11-h1, and 10.1.12 (Palo Advisory, NVD).

The vulnerability enables the execution of malicious JavaScript in the context of a user's browser when the user clicks on a malicious link. It has been assigned a CVSS v3.1 base score of 6.1 (MEDIUM) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while Palo Alto Networks assessed it with a score of 4.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

If successfully exploited, this vulnerability could lead to phishing attacks resulting in credential theft. The attack requires user interaction, specifically clicking on a malicious link, and could compromise the security of the GlobalProtect portal (Palo Advisory).

The vulnerability has been fixed in PAN-OS versions 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11-h1, PAN-OS 10.1.12, and all later PAN-OS versions. Additionally, customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 94972 (Applications and Threats content update 8810) (Palo Advisory).