CVE-2024-0011: 
PAN-OS vulnerability analysis and mitigation

A reflected cross-site scripting (XSS) vulnerability (CVE-2024-0011) was identified in the Captive Portal feature of Palo Alto Networks PAN-OS software. The vulnerability enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to credential theft. The vulnerability affects multiple versions of PAN-OS including versions 8.1.0-8.1.24, 9.0.0-9.0.17, 9.1.0-9.1.13, and 10.0.0-10.0.11 (Vendor Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (MEDIUM) by NIST with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. Palo Alto Networks assigned it a slightly lower CVSS score of 4.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation - Cross-site Scripting) (NVD).

If successfully exploited, this vulnerability could allow attackers to conduct phishing attacks leading to credential theft from authenticated Captive Portal users. The vulnerability specifically impacts the confidentiality and integrity of user data through the execution of malicious JavaScript code in the user's browser context (Vendor Advisory).

The vulnerability has been fixed in PAN-OS versions 8.1.24, 9.0.17, 9.1.13, 10.0.11, 10.1.3, and all later PAN-OS versions. Additionally, customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 93070 (Applications and Threats content update 8810) (Vendor Advisory).