Lucene search

Palo Alto Networks Product Security Incident Response TeamPA-CVE-2024-5913

HistoryJul 10, 2024 - 4:00 p.m.

PAN-OS: Improper Input Validation Vulnerability in PAN-OS

2024-07-1016:00:00

Palo Alto Networks Product Security Incident Response Team

securityadvisories.paloaltonetworks.com

pan-os

input validation

vulnerability

palo alto networks

software

privileges

CVSS3

6.1

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

Low

JSON

An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.

Work around:
No work around available.

Affected configurations

Vulners

Node

softwarepan-osRange<10.1.14-h2

softwarepan-osRange<10.2.10

softwarepan-osRange<11.0.5

softwarepan-osRange<11.1.4

softwarepan-osRange<11.2.1

softwarecloud_ngfw

softwareprisma_access

VendorProductVersionCPE
softwarepan-os*cpe:2.3:a:software:pan-os:*:*:*:*:*:*:*:*
softwarecloud_ngfw*cpe:2.3:a:software:cloud_ngfw:*:*:*:*:*:*:*:*
softwareprisma_access*cpe:2.3:a:software:prisma_access:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
software	pan-os	*	cpe:2.3:a:software:pan-os::::::::
software	cloud_ngfw	*	cpe:2.3:a:software:cloud_ngfw::::::::
software	prisma_access	*	cpe:2.3:a:software:prisma_access::::::::

References

security.paloaltonetworks.com/CVE-2024-5913

CVSS3

6.1

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

Low

JSON

Related for PA-CVE-2024-5913