Palo Alto Networks (PAN-OS) Products February 2024 Security Update Advisory

Overview

 

Palo Alto Networks (https://www.paloaltonetworks.com/) has released security updates that address vulnerabilities in its PAN-OS products. Users of affected products are encouraged to update to the fixed versions listed below.

 

Affected Products

 

CVE-2024-0007

  • Versions prior to PAN-OS 10.1.6 on Panorama
  • Versions prior to PAN-OS 10.0.11 on Panorama
  • Versions prior to PAN-OS 9.1.16 on Panorama
  • Versions prior to PAN-OS 9.0.17 on Panorama
  • Versions prior to PAN-OS 8.1.24-h1 on Panorama
  • Versions prior to PAN-OS 8.1.25 on Panorama
     

CVE-2024-0008

  • Versions prior to PAN-OS 11.0.2
  • Versions prior to PAN-OS 10.2.5
  • Versions prior to PAN-OS 10.1.10-h1
  • Versions prior to PAN-OS 10.1.11
  • Versions prior to PAN-OS 10.0.12-h1
  • Versions prior to PAN-OS 10.0.13
  • Versions prior to PAN-OS 9.1.17
  • Versions prior to PAN-OS 9.0.17-h2
  • Versions prior to PAN-OS 9.0.18

CVE-2024-0009

  • Versions prior to PAN-OS 11.0.1
  • Versions prior to PAN-OS 10.2.4

 

CVE-2024-0010

  • Versions prior to PAN-OS 10.1.11-h1
  • Versions prior to PAN-OS 10.1.12
  • Versions prior to PAN-OS 9.1.17
  • Versions prior to PAN-OS 9.0.17-h4

CVE-2024-0011

  • Versions prior to PAN-OS 10.1.3
  • Versions prior to PAN-OS 10.0.11
  • Versions prior to PAN-OS 9.1.13
  • Versions prior to PAN-OS 9.0.17
  • Versions prior to PAN-OS 8.1.24

 

Resolved Vulnerabilities

 

Stored cross-site scripting (XSS) vulnerability in the Panorama web interface in PAN-OS (CVE-2024-0007, CVSS 6.3) [1]

Insufficient session expiration vulnerability in the PAN-OS web interface (CVE-2024-0008, CVSS 5.4) [2]

Improper IP address verification vulnerability in the PAN-OS GlobalProtect gateway that allows VPN sessions from unauthorized IP addresses (CVE-2024-0009, CVSS 5.3) [3]

Reflected cross-site scripting (XSS) vulnerability in the PAN-OS GlobalProtect portal (CVE-2024-0010, CVSS 5.1) [4]

Reflected cross-site scripting (XSS) vulnerability in PAN-OS captive portal authentication (CVE-2024-0011, CVSS 5.1) [5]

 

Vulnerability Patches

 

Vulnerability patches for each product were provided through an update released on February 14, 2024.

CVE-2024-0007

  • PAN-OS 10.1.6 on Panorama and later versions
  • PAN-OS 10.0.11 on Panorama and later versions
  • PAN-OS 9.1.16 on Panorama and later versions
  • PAN-OS 9.0.17 on Panorama and later versions
  • PAN-OS 8.1.24-h1 on Panorama and later versions
  • PAN-OS 8.1.25 on Panorama and later versions

 

CVE-2024-0008

  • PAN-OS 11.0.2 and later versions
  • PAN-OS 10.2.5 and later versions
  • PAN-OS 10.1.10-h1 and later versions
  • PAN-OS 10.1.11 and later versions
  • PAN-OS 10.0.12-h1 and later versions
  • PAN-OS 10.0.13 and later versions
  • PAN-OS 9.1.17 and later versions
  • PAN-OS 9.0.17-h2 and later versions
  • PAN-OS 9.0.18 and later versions

 

CVE-2024-0009

  • PAN-OS 11.0.1 and later versions
  • PAN-OS 10.2.4 and later versions

 

CVE-2024-0010

  • PAN-OS 10.1.11-h1 and later versions
  • PAN-OS 10.1.12 and later versions
  • PAN-OS 9.1.17 and later versions
  • PAN-OS 9.0.17-h4 and later versions

 

CVE-2024-0011

  • PAN-OS 10.1.3 and later versions
  • PAN-OS 10.0.11 and later versions
  • PAN-OS 9.1.13 and later versions
  • PAN-OS 9.0.17 and later versions
  • PAN-OS 8.1.24 and later versions

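The fixed-version lists above are given per release train (10.1, 10.2, 11.0 and so on), and a hotfix suffix such as -h1 sorts after the base maintenance release it patches, so "prior to 10.1.10-h1" and "prior to 10.1.11" on the same train mean that 10.1.10 is exposed while 10.1.10-h2 is not. The following Python is an added example, not code from this advisory or from Palo Alto Networks; it transcribes the fixed versions listed on this page and reports, for a running version (the sw-version shown by `show system info`), which of the five CVEs the device is still exposed to. It assumes that a release train the advisory does not list for a CVE is reported as "not listed" rather than claimed fixed, that only CVE-2024-0007 is restricted to Panorama, and the hostnames in the sample inventory are constructed.

```python
import re
from typing import Dict, List, Tuple

# A PAN-OS version is major.minor.maintenance with an optional "-hN" hotfix.
# Comparing as a 4-tuple with hotfix 0 for a plain release gives the order
# the advisory relies on: 10.1.10 < 10.1.10-h1 < 10.1.11.
Version = Tuple[int, int, int, int]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text: str) -> Version:
    """Parse '10.1.10-h1' -> (10, 1, 10, 1); raise on anything else."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"not a PAN-OS version string: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


# First fixed version on each release train, transcribed from the
# "Vulnerability Patches" section of this advisory.
FIXED_VERSIONS: Dict[str, List[str]] = {
    "CVE-2024-0007": ["10.1.6", "10.0.11", "9.1.16", "9.0.17", "8.1.24-h1", "8.1.25"],
    "CVE-2024-0008": ["11.0.2", "10.2.5", "10.1.10-h1", "10.1.11",
                      "10.0.12-h1", "10.0.13", "9.1.17", "9.0.17-h2", "9.0.18"],
    "CVE-2024-0009": ["11.0.1", "10.2.4"],
    "CVE-2024-0010": ["10.1.11-h1", "10.1.12", "9.1.17", "9.0.17-h4"],
    "CVE-2024-0011": ["10.1.3", "10.0.11", "9.1.13", "9.0.17", "8.1.24"],
}

# The advisory scopes CVE-2024-0007 to Panorama; the other four are checked
# for any PAN-OS device (assumption: the page gives them no narrower scope).
PANORAMA_ONLY = {"CVE-2024-0007"}


def status(version: str, cve: str) -> str:
    """Return 'affected', 'fixed' or 'not listed' for one CVE.

    Fixed versions are compared only within the device's own release train
    (major.minor): the device is fixed once it is at or above any fixed
    version on that train, so 10.1.10-h2 is fixed for CVE-2024-0008 even
    though it is numerically "prior to 10.1.11". A train the advisory does
    not list is reported as 'not listed' rather than silently treated as fixed.
    """
    running = parse_version(version)
    train = running[:2]
    on_train = [parse_version(f) for f in FIXED_VERSIONS[cve]
                if parse_version(f)[:2] == train]
    if not on_train:
        return "not listed"
    return "fixed" if any(running >= fixed for fixed in on_train) else "affected"


def affected_cves(version: str, panorama: bool = False) -> List[str]:
    """List the CVEs from this advisory that the running version is exposed to."""
    return [
        cve for cve in FIXED_VERSIONS
        if (panorama or cve not in PANORAMA_ONLY) and status(version, cve) == "affected"
    ]


if __name__ == "__main__":
    # Constructed sample inventory: (hostname, sw-version, is this a Panorama?).
    inventory = [
        ("fw-edge-1", "10.1.10", False),
        ("fw-edge-2", "10.1.10-h2", False),
        ("panorama-1", "9.0.17-h1", True),
        ("fw-lab", "11.1.0", False),
    ]
    for host, ver, is_pano in inventory:
        exposed = affected_cves(ver, panorama=is_pano)
        print(f"{host:12} {ver:12} {', '.join(exposed) or 'no listed CVE applies'}")
```

The "not listed" outcome is deliberate: 11.1.0 is absent from every list on this page, which means the page says nothing about it, not that it is fixed; treat such a result as a prompt to check the vendor advisory rather than as a clean bill of health.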
 

Reference Sites

 

[1] PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface

https://security.paloaltonetworks.com/CVE-2024-0007

[2] PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface

https://security.paloaltonetworks.com/CVE-2024-0008

[3] PAN-OS: Improper IP Address Verification in GlobalProtect Gateway

https://security.paloaltonetworks.com/CVE-2024-0009

[4] PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal

https://security.paloaltonetworks.com/CVE-2024-0010

[5] PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication

https://security.paloaltonetworks.com/CVE-2024-0011