- 110/2023
- Medium
Palo Alto has released security updates addressing vulnerabilities in multiple products.
The addressed vulnerabilities could allow the attacker to store a JavaScript payload in the web interface or export local files from the firewall through a race condition.
The addressed vulnerabilities:
1. Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web
Interface (CVE-2023-0007):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Cross-Site Scripting
2. Local File Disclosure Vulnerability in the PAN-OS Web Interface (CVE-2023-0008):
- CVSS: 4.4
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: None
- Consequences: Obtain Information
Vulnerabilities
- CVE-2023-0007
- CVE-2023-0008
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.