Palo Alto Networks PAN-OS CVE-2017-7409 Cross Site Scripting Vulnerability



Palo Alto Networks PAN-OS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

PAN-OS 7.0.14 and prior versions are affected.

Information

Bugtraq ID: 97953
Class: Input Validation Error
CVE: CVE-2017-7409

Remote: Yes
Local: No
Published: Apr 20 2017 12:00AM
Updated: Apr 21 2017 02:07PM
Credit: Jarrod Phelps from Uber.
Vulnerable:
    Paloaltonetworks PAN-OS 7.0.14
    Paloaltonetworks PAN-OS 7.0.13
    Paloaltonetworks PAN-OS 7.0.12
    Paloaltonetworks PAN-OS 7.0.11
    Paloaltonetworks PAN-OS 7.0.10
    Paloaltonetworks PAN-OS 7.0.5
    Paloaltonetworks PAN-OS 7.0.4
    Paloaltonetworks PAN-OS 7.0.1
    Paloaltonetworks PAN-OS 7.0.9
    Paloaltonetworks PAN-OS 7.0.8
    Paloaltonetworks PAN-OS 7.0.7


Not Vulnerable:
    Paloaltonetworks PAN-OS 7.0.15


Exploit


To exploit this issue, the attacker needs to entice a user into following a malicious URI.

