Palo Alto Security Center, 2024-07-04
CVE-2024-0011 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication (Severity: MEDIUM)

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software could allow malicious JavaScript to execute in the browser context of an authenticated Captive Portal user if that user clicks a malicious link, enabling phishing attacks that could lead to credential theft.

😄 **Vulnerability overview:** The vulnerability lies in the Captive Portal feature of Palo Alto Networks PAN-OS software. An attacker can craft a malicious link and lure a user into clicking it, causing malicious JavaScript to run in the user's browser and steal sensitive information such as login credentials.

😊 **Affected scope:** The vulnerability affects firewalls that use Captive Portal authentication, including PAN-OS 8.1, 9.0, 9.1, 10.0, 10.1 and 10.2. Refer to the official security advisory for the exact affected versions.

😉 **Fix:** Palo Alto Networks has released security patches that address this vulnerability. Users are advised to upgrade to PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.13, PAN-OS 10.0.11, PAN-OS 10.1.3 or later as soon as possible to eliminate the risk.

😎 **Mitigation:** Until the upgrade is applied, users can enable the Threat Prevention service and turn on Threat ID 93070 to block attacks against this vulnerability.

🥳 **Discovery:** The vulnerability was discovered and reported by Darek Jensen and an external reporter.

Palo Alto Networks Security Advisories / CVE-2024-0011

CVE-2024-0011 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication

| Metric | Value |
|---|---|
| Urgency | MODERATE |
| Response Effort | LOW |
| Recovery | AUTOMATIC |
| Value Density | DIFFUSE |
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Attack Requirements | NONE |
| Automatable | NO |
| User Interaction | ACTIVE |
| Product Confidentiality | NONE |
| Product Integrity | LOW |
| Product Availability | NONE |
| Privileges Required | NONE |
| Subsequent Confidentiality | NONE |
| Subsequent Integrity | NONE |
| Subsequent Availability | NONE |

**NVD JSON:** Published 2024-02-14, Updated 2024-02-24

**Reference:** PAN-175970

**Discovered:** externally

**Description:** A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.

**Product Status:**

| Versions | Affected | Unaffected |
|---|---|---|
| Cloud NGFW | None | All |
| PAN-OS 11.1 | None | All |
| PAN-OS 11.0 | None | All |
| PAN-OS 10.2 | None | All |
| PAN-OS 10.1 | < 10.1.3 | >= 10.1.3 |
| PAN-OS 10.0 | < 10.0.11 | >= 10.0.11 |
| PAN-OS 9.1 | < 9.1.13 | >= 9.1.13 |
| PAN-OS 9.0 | < 9.0.17 | >= 9.0.17 |
| PAN-OS 8.1 | < 8.1.24 | >= 8.1.24 |
| Prisma Access | None | All |

**Required Configuration for Exposure:** This issue is applicable only to firewalls that are configured to use Captive Portal authentication. You can verify whether you have Captive Portal configured in the Captive Portal Settings page (Device > User Identification > Captive Portal Settings).

**Severity:** MEDIUM

**CVSSv4.0 Base Score:** 5.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Amber)

**Exploitation Status:** Palo Alto Networks is not aware of any malicious exploitation of this issue.

**Weakness Type:** CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

**Solution:** This issue is fixed in PAN-OS 8.1.24, PAN-OS 9.0.17, PAN-OS 9.1.13, PAN-OS 10.0.11, PAN-OS 10.1.3, and all later PAN-OS versions.

**Workarounds and Mitigations:** Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 93070 (Applications and Threats content update 8810).

**Acknowledgments:** Palo Alto Networks thanks Darek Jensen and an external reporter for discovering and reporting this issue.

**Timeline:** 2024-02-24 Initial publication
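As an added defender-side check that is not part of the advisory or of any Palo Alto tooling, the script below encodes the Product Status table from the advisory and reports whether a given PAN-OS version on a Captive Portal-enabled firewall is still exposed. It assumes the version string format "major.minor.maint" with an optional "-hN" hotfix suffix; branches absent from the table (10.2, 11.x, Cloud NGFW, Prisma Access) are treated as unaffected, as the advisory lists them.

```python
import re

# Fixed versions per release branch, copied from the advisory's Product
# Status table. Branches not listed here are unaffected per the advisory.
FIXED_VERSIONS = {
    "8.1": (8, 1, 24),
    "9.0": (9, 0, 17),
    "9.1": (9, 1, 13),
    "10.0": (10, 0, 11),
    "10.1": (10, 1, 3),
}

# Assumed version format: "major.minor.maint" with an optional "-hN" hotfix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Return (major, minor, maint, hotfix) for a PAN-OS version string."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = match.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def is_affected(version, captive_portal_enabled=True):
    """True if this firewall is exposed to CVE-2024-0011.

    Exposure requires both a pre-fix version on an affected branch and
    Captive Portal authentication being configured (Device > User
    Identification > Captive Portal Settings).
    """
    major, minor, maint, _hotfix = parse_version(version)
    fixed = FIXED_VERSIONS.get(f"{major}.{minor}")
    if fixed is None or not captive_portal_enabled:
        return False
    # A hotfix on a pre-fix maintenance release does not raise it past the fix.
    return (major, minor, maint) < fixed


def triage(version, captive_portal_enabled=True):
    """Summarise exposure and the minimum fixed version for one firewall."""
    major, minor, _maint, _hotfix = parse_version(version)
    fixed = FIXED_VERSIONS.get(f"{major}.{minor}")
    return {
        "version": version,
        "affected": is_affected(version, captive_portal_enabled),
        "fixed_version": ".".join(map(str, fixed)) if fixed else None,
    }
```

Feed it the version from `show system info` and the Captive Portal setting for each firewall in your inventory to get an upgrade list rather than checking the table by hand.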
