.. / CVE-2020-2036

Exploit for Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting (CVE-2020-2036)

Description:

PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator’s browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9.

Nuclei Template

View the template here CVE-2020-2036.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-2036.yaml

References:

https://security.paloaltonetworks.com/CVE-2020-2036
https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/
https://nvd.nist.gov/vuln/detail/CVE-2020-2036
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/404notf0und/CVE-Flow

.. / CVE-2020-2036 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting (CVE-2020-2036)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-2036