CVE-2024-5914 (GCVE-0-2024-5914)
Vulnerability from cvelistv5
Published
2024-08-14 16:40
Modified
2024-08-14 18:17
Severity ?
7.0 (High) - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:N/AU:N/R:U/V:D/RE:M/U:Amber
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.
References
Impacted products
Vendor Product Version
Palo Alto Networks Cortex XSOAR CommonScripts Version: 1.12   < 1.12.33
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5914",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T18:17:36.052204Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T18:17:47.424Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Cortex XSOAR CommonScripts",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.12.33",
                  "status": "unaffected"
                }
              ],
              "lessThan": "1.12.33",
              "status": "affected",
              "version": "1.12",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To be exposed, an integration must make use of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack."
            }
          ],
          "value": "To be exposed, an integration must make use of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Othmar Lechner"
        }
      ],
      "datePublic": "2024-08-14T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container."
            }
          ],
          "value": "A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-248",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-248 Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-14T16:40:00.276Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "url": "https://security.paloaltonetworks.com/CVE-2024-5914"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in Cortex XSOAR CommonScripts 1.12.33 and all later versions.\u003cbr\u003e"
            }
          ],
          "value": "This issue is fixed in Cortex XSOAR CommonScripts 1.12.33 and all later versions."
        }
      ],
      "source": {
        "defect": [
          "CRTX-95034"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-14T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Cortex XSOAR: Command Injection in CommonScripts Pack",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Remove any integration usage of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack.\u003cbr\u003e"
            }
          ],
          "value": "Remove any integration usage of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-5914",
    "datePublished": "2024-08-14T16:40:00.276Z",
    "dateReserved": "2024-06-12T15:27:56.494Z",
    "dateUpdated": "2024-08-14T18:17:47.424Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-5914\",\"sourceIdentifier\":\"psirt@paloaltonetworks.com\",\"published\":\"2024-08-14T17:15:18.220\",\"lastModified\":\"2024-08-20T16:22:06.357\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.\"},{\"lang\":\"es\",\"value\":\" Un problema de inyecci\u00f3n de comandos en Palo Alto Networks Cortex XSOAR CommonScripts Pack permite que un atacante no autenticado ejecute comandos arbitrarios dentro del contexto de un contenedor de integraci\u00f3n.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnerableSystemConfidentiality\":\"LOW\",\"vulnerableSystemIntegrity\":\"LOW\",\"vulnerableSystemAvailability\":\"LOW\",\"subsequentSystemConfidentiality\":\"HIGH\",\"subsequentSystemIntegrity\":\"HIGH\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NO\",\"recovery\":\"USER\",\"valueDensity\":\"DIFFUSE\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"AMBER\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@paloaltonetworks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paloaltonetworks:cortex_xsoar_commonscripts:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.12.33\",\"matchCriteriaId\":\"035D09D6-8E59-4889-AAE9-35CE4B8C4B4C\"}]}]}],\"references\":[{\"url\":\"https://security.paloaltonetworks.com/CVE-2024-5914\",\"source\":\"psirt@paloaltonetworks.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-5914\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-14T18:17:36.052204Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-14T18:17:42.111Z\"}}], \"cna\": {\"title\": \"Cortex XSOAR: Command Injection in CommonScripts Pack\", \"source\": {\"defect\": [\"CRTX-95034\"], \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Othmar Lechner\"}], \"impacts\": [{\"capecId\": \"CAPEC-248\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-248 Command Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 7, \"Automatable\": \"NO\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"DIFFUSE\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:N/AU:N/R:U/V:D/RE:M/U:Amber\", \"providerUrgency\": \"AMBER\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Palo Alto Networks\", \"product\": \"Cortex XSOAR CommonScripts\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"1.12.33\", \"status\": \"unaffected\"}], \"version\": \"1.12\", \"lessThan\": \"1.12.33\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Palo Alto Networks is not aware of any malicious exploitation of this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e\", \"base64\": false}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-08-14T16:00:00.000Z\", \"value\": \"Initial publication\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"This issue is fixed in Cortex XSOAR CommonScripts 1.12.33 and all later versions.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"This issue is fixed in Cortex XSOAR CommonScripts 1.12.33 and all later versions.\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2024-08-14T16:00:00.000Z\", \"references\": [{\"url\": \"https://security.paloaltonetworks.com/CVE-2024-5914\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Remove any integration usage of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Remove any integration usage of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack.\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-77\", \"description\": \"CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"To be exposed, an integration must make use of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"To be exposed, an integration must make use of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack.\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"d6c1279f-00f6-4ef7-9217-f89ffe703ec0\", \"shortName\": \"palo_alto\", \"dateUpdated\": \"2024-08-14T16:40:00.276Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-5914\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-14T18:17:47.424Z\", \"dateReserved\": \"2024-06-12T15:27:56.494Z\", \"assignerOrgId\": \"d6c1279f-00f6-4ef7-9217-f89ffe703ec0\", \"datePublished\": \"2024-08-14T16:40:00.276Z\", \"assignerShortName\": \"palo_alto\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.