- 327/2023
- High
Palo Alto has released security updates to address multiple vulnerabilities affecting PAN-OS and Cortex XSOAR.
The addressed vulnerabilities could allow the attacker to perform cross-site scripting (XSS) attacks, obtain sensitive information or execute arbitrary code, and gain elevated privileges to the affected products.
Sample of the addressed vulnerabilities:
1. PAN-OS: DOM-Based Cross-Site Scripting (XSS) Vulnerability in the Web Interface (CVE-2023-6790):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Cross-Site Scripting
2. PAN-OS: Plaintext Disclosure of External System Integration Credentials (CVE-2023-6791):
- CVSS: 6.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Obtain Information
Sample of the affected products:
- Cortex XSOAR 6.10 < 6.10.0.250144 on Linux.
- Cortex XSOAR Kafka Integration v3 < 2.0.16.
- PAN-OS 11.0 < 11.0.1.
- PAN-OS 10.2 < 10.2.4.
- PAN-OS 10.1 < 10.1.9.
- PAN-OS 10.0 < 10.0.12.
Vulnerabilities
- CVE-2023-6790
- CVE-2023-6791
- CVE-2023-6792
- CVE-2023-6793
- CVE-2023-6794
- CVE-2023-6795
- CVE-2023-3289
- CVE-2023-3282
- CVE-2023-3281
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.