VDB
CVE-2024-0007
CVE-2024-0007
PUBLISHED
In PaloAlto Networks PAN-OS existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden in der Weboberfläche von Panorama-Appliances nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter, privilegierter Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen.
EPSS 0.53% · 67.7th percentile
Risk Scores
EPSS Score
0.53%
67.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PaloAlto Networks | PaloAlto Networks PAN-OS < 9.1.13 | |
| PaloAlto Networks | PaloAlto Networks PAN-OS < 10.1.3 |
Exploit Intelligence
- CIRCL seen: CVE-2024-0007 (circl-sighting)
- CIRCL seen: CVE-2024-0007 (circl-sighting)
- https://security.paloaltonetworks.com/CVE-2024-0007 (circl)
- packageScanner_test.cpp (github-poc)
- packageScanner_test.cpp (github-poc)
- packageScanner_test.cpp (github-poc)
- packageScanner_test.cpp (github-poc)
- packageScanner_test.cpp (github-poc)
- packageScanner_test.cpp (github-poc)
Timeline
- Feb 14, 2024 CVE Published
- Feb 14, 2024 PoC Published
- Feb 15, 2024 EPSS Score
- Mar 6, 2024 PoC Published
- Mar 13, 2024 EPSS Score
- Apr 9, 2024 EPSS Score
- May 6, 2024 EPSS Score
- Jun 29, 2024 EPSS Score
- Jul 26, 2024 EPSS Score
- Aug 1, 2024 CVE Updated
- Aug 26, 2024 EPSS Score
- Sep 22, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0394.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0394 advisory
- https://security.paloaltonetworks.com/CVE-2024-0007 advisory
- https://security.paloaltonetworks.com/CVE-2024-0008 advisory
- https://security.paloaltonetworks.com/CVE-2024-0009 advisory
- https://security.paloaltonetworks.com/CVE-2024-0010 advisory
- https://security.paloaltonetworks.com/CVE-2024-0011 advisory