===========================================================================
AUSCERT Security Bulletin

ASB-2018.0141
XSS patched in PAN-OS
28 June 2018
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              PAN-OS
Operating System:     Network Appliance
Impact/Access:        Cross-site Scripting -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-7636
Member content until: Saturday, July 28 2018

OVERVIEW

Palo Alto Networks has addressed a Cross-Site Scripting (XSS)
vulnerability in PAN-OS. [1]

IMPACT

The vendor has provided the following details regarding the issue:

"A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS URL
filtering "continue page" (Ref # PAN-OS 90835, CVE-2018-7636). PAN-OS
software does not properly validate specific request parameters.
Successful exploitation of this issue may allow an attacker to inject
arbitrary JavaScript or HTML in specially crafted URLs that link to a
URL filtering “continue page” hosted by the firewall." [1]

MITIGATION

The vendor advises updating appliances running PAN-OS 8.0.x to version
8.0.11. [1]

REFERENCES

[1] Security Advisory 122
    https://securityadvisories.paloaltonetworks.com/Home/Detail/122

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the
information described is the responsibility of each user or organisation.
The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which
may arise from following or acting on information or advice contained in
this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================