Cyberhouse team discovered critical vulnerability in Palo Alto PAN-OS

You may remember from our previous discovery (Cyberhouse discovered critical vulnerability in the Juniper System) that we were able to publish only a couple of months after identifying the vulnerability and informing the company. The situation is the same this time: on 11th of October, Palo Alto finally published information about CVE-2018-10141.

PAN-OS is the well-known operating system that Palo Alto created for its next-generation firewalls (Palo Alto NGFW).

The Cyberhouse team discovered a critical XSS (Cross-Site Scripting) vulnerability on the home page of the PAN-OS GlobalProtect Portal. The vulnerability allows unauthenticated attackers to inject JavaScript and HTML code into the page. Notably, logging into the system is not required to use the vulnerability successfully. It is present in PAN-OS 8.1.3 and older versions; however, it does not apply to PAN-OS 8.0, PAN-OS 7.1 and PAN-OS 6.1. The vulnerability is tracked under the official identifier CVE-2018-10141.

If you read the information published by Palo Alto on their official page, you will find Cyberhouse mentioned in the Acknowledgements section, along with the security analyst/researcher Vladimi Egorov.

In addition to providing its services, the Cyberhouse team continues to look for previously unknown vulnerabilities in various well-known systems, and we will keep you posted as soon as the developers fix the bugs.

If you are interested, you will find our company’s name in the ACKNOWLEDGEMENTS section.