CVE-2023-6789

PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

Description

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.

Remediation

Solution:

This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.

Workaround:

This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.

References

Link	Tags
https://security.paloaltonetworks.com/CVE-2023-6789	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2023-6789?: CVE-2023-6789 has been scored as a medium severity vulnerability.
How to fix CVE-2023-6789?: To fix CVE-2023-6789: This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.
Is CVE-2023-6789 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-6789 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-6789?: CVE-2023-6789 affects Palo Alto Networks PAN-OS, Palo Alto Networks Prisma Access, Palo Alto Networks Cloud NGFW.

Description

Remediation

Category

CWE-79 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

References

Frequently Asked Questions