Action not permitted
Modal body text goes here.
wid-sec-w-2024-3465
Vulnerability from csaf_certbund
Published
2024-11-13 23:00
Modified
2024-11-13 23:00
Summary
PaloAlto Networks PAN-OS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
PAN-OS ist das Betriebssystem der Sicherheitssysteme / Firewalls der Firma Palo Alto Networks.
Angriff
Ein Angreifer kann mehrere Schwachstellen in PaloAlto Networks PAN-OS ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien zu manipulieren, Sicherheitsmaßnahmen zu umgehen und einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "PAN-OS ist das Betriebssystem der Sicherheitssysteme / Firewalls der Firma Palo Alto Networks.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in PaloAlto Networks PAN-OS ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben, Dateien zu manipulieren, Sicherheitsma\u00dfnahmen zu umgehen und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3465 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3465.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3465 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3465"
},
{
"category": "external",
"summary": "Palo Alto Networks Security Advisories vom 2024-11-13",
"url": "https://security.paloaltonetworks.com/CVE-2024-2550"
},
{
"category": "external",
"summary": "Palo Alto Networks Security Advisories vom 2024-11-13",
"url": "https://security.paloaltonetworks.com/CVE-2024-2551"
},
{
"category": "external",
"summary": "Palo Alto Networks Security Advisories vom 2024-11-13",
"url": "https://security.paloaltonetworks.com/CVE-2024-2552"
},
{
"category": "external",
"summary": "Palo Alto Networks Security Advisories vom 2024-11-13",
"url": "https://security.paloaltonetworks.com/CVE-2024-5917"
},
{
"category": "external",
"summary": "Palo Alto Networks Security Advisories vom 2024-11-13",
"url": "https://security.paloaltonetworks.com/CVE-2024-5918"
},
{
"category": "external",
"summary": "Palo Alto Networks Security Advisories vom 2024-11-13",
"url": "https://security.paloaltonetworks.com/CVE-2024-5919"
},
{
"category": "external",
"summary": "Palo Alto Networks Security Advisories vom 2024-11-13",
"url": "https://security.paloaltonetworks.com/CVE-2024-5920"
},
{
"category": "external",
"summary": "Palo Alto Networks Security Advisories vom 2024-11-13",
"url": "https://security.paloaltonetworks.com/CVE-2024-9472"
}
],
"source_lang": "en-US",
"title": "PaloAlto Networks PAN-OS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-11-13T23:00:00.000+00:00",
"generator": {
"date": "2024-11-14T11:42:00.791+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-3465",
"initial_release_date": "2024-11-13T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-11-13T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.1.5",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c11.1.5",
"product_id": "T039151"
}
},
{
"category": "product_version",
"name": "11.1.5",
"product": {
"name": "PaloAlto Networks PAN-OS 11.1.5",
"product_id": "T039151-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:11.1.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.0.6",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c11.0.6",
"product_id": "T039152"
}
},
{
"category": "product_version",
"name": "11.0.6",
"product": {
"name": "PaloAlto Networks PAN-OS 11.0.6",
"product_id": "T039152-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:11.0.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2.11",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c10.2.11",
"product_id": "T039153"
}
},
{
"category": "product_version",
"name": "10.2.11",
"product": {
"name": "PaloAlto Networks PAN-OS 10.2.11",
"product_id": "T039153-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.11"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.0.5",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c11.0.5",
"product_id": "T039154"
}
},
{
"category": "product_version",
"name": "11.0.5",
"product": {
"name": "PaloAlto Networks PAN-OS 11.0.5",
"product_id": "T039154-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:11.0.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2.5",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c10.2.5",
"product_id": "T039157"
}
},
{
"category": "product_version",
"name": "10.2.5",
"product": {
"name": "PaloAlto Networks PAN-OS 10.2.5",
"product_id": "T039157-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2.4-h6",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c10.2.4-h6",
"product_id": "T039158"
}
},
{
"category": "product_version",
"name": "10.2.4-h6",
"product": {
"name": "PaloAlto Networks PAN-OS 10.2.4-h6",
"product_id": "T039158-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.4-h6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.1.14",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c10.1.14",
"product_id": "T039159"
}
},
{
"category": "product_version",
"name": "10.1.14",
"product": {
"name": "PaloAlto Networks PAN-OS 10.1.14",
"product_id": "T039159-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:10.1.14"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.2.4",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c11.2.4",
"product_id": "T039160"
}
},
{
"category": "product_version",
"name": "11.2.4",
"product": {
"name": "PaloAlto Networks PAN-OS 11.2.4",
"product_id": "T039160-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:11.2.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2.12",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c10.2.12",
"product_id": "T039161"
}
},
{
"category": "product_version",
"name": "10.2.12",
"product": {
"name": "PaloAlto Networks PAN-OS 10.2.12",
"product_id": "T039161-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2.2",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c10.2.2",
"product_id": "T039162"
}
},
{
"category": "product_version",
"name": "10.2.2",
"product": {
"name": "PaloAlto Networks PAN-OS 10.2.2",
"product_id": "T039162-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.1.7",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c10.1.7",
"product_id": "T039163"
}
},
{
"category": "product_version",
"name": "10.1.7",
"product": {
"name": "PaloAlto Networks PAN-OS 10.1.7",
"product_id": "T039163-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:10.1.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.0.3",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c11.0.3",
"product_id": "T039164"
}
},
{
"category": "product_version",
"name": "11.0.3",
"product": {
"name": "PaloAlto Networks PAN-OS 11.0.3",
"product_id": "T039164-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:11.0.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2.4-h5",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c10.2.4-h5",
"product_id": "T039165"
}
},
{
"category": "product_version",
"name": "10.2.4-h5",
"product": {
"name": "PaloAlto Networks PAN-OS 10.2.4-h5",
"product_id": "T039165-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.4-h5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.1.11",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c10.1.11",
"product_id": "T039166"
}
},
{
"category": "product_version",
"name": "10.1.11",
"product": {
"name": "PaloAlto Networks PAN-OS 10.1.11",
"product_id": "T039166-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:10.1.11"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.0.2",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c11.0.2",
"product_id": "T039167"
}
},
{
"category": "product_version",
"name": "11.0.2",
"product": {
"name": "PaloAlto Networks PAN-OS 11.0.2",
"product_id": "T039167-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:11.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.1.10",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c10.1.10",
"product_id": "T039168"
}
},
{
"category": "product_version",
"name": "10.1.10",
"product": {
"name": "PaloAlto Networks PAN-OS 10.1.10",
"product_id": "T039168-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:10.1.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.1.4",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c11.1.4",
"product_id": "T039169"
}
},
{
"category": "product_version",
"name": "11.1.4",
"product": {
"name": "PaloAlto Networks PAN-OS 11.1.4",
"product_id": "T039169-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:11.1.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.2.3",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c11.2.3",
"product_id": "T039171"
}
},
{
"category": "product_version",
"name": "11.2.3",
"product": {
"name": "PaloAlto Networks PAN-OS 11.2.3",
"product_id": "T039171-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:11.2.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.2.2-h3",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c11.2.2-h3",
"product_id": "T039172"
}
},
{
"category": "product_version",
"name": "11.2.2-h3",
"product": {
"name": "PaloAlto Networks PAN-OS 11.2.2-h3",
"product_id": "T039172-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:11.2.2-h3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.1.3-h10",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c11.1.3-h10",
"product_id": "T039173"
}
},
{
"category": "product_version",
"name": "11.1.3-h10",
"product": {
"name": "PaloAlto Networks PAN-OS 11.1.3-h10",
"product_id": "T039173-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:11.1.3-h10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.1.2-h14",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c11.1.2-h14",
"product_id": "T039174"
}
},
{
"category": "product_version",
"name": "11.1.2-h14",
"product": {
"name": "PaloAlto Networks PAN-OS 11.1.2-h14",
"product_id": "T039174-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:11.1.2-h14"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2.9-14",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c10.2.9-14",
"product_id": "T039176"
}
},
{
"category": "product_version",
"name": "10.2.9-14",
"product": {
"name": "PaloAlto Networks PAN-OS 10.2.9-14",
"product_id": "T039176-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.9-14"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2.8-h13",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c10.2.8-h13",
"product_id": "T039177"
}
},
{
"category": "product_version",
"name": "10.2.8-h13",
"product": {
"name": "PaloAlto Networks PAN-OS 10.2.8-h13",
"product_id": "T039177-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.8-h13"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2.10-h7",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c10.2.10-h7",
"product_id": "T039178"
}
},
{
"category": "product_version",
"name": "10.2.10-h7",
"product": {
"name": "PaloAlto Networks PAN-OS 10.2.10-h7",
"product_id": "T039178-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.10-h7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2.11-h4",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c10.2.11-h4",
"product_id": "T039179"
}
},
{
"category": "product_version",
"name": "10.2.11-h4",
"product": {
"name": "PaloAlto Networks PAN-OS 10.2.11-h4",
"product_id": "T039179-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.11-h4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2.7-h16",
"product": {
"name": "PaloAlto Networks PAN-OS \u003c10.2.7-h16",
"product_id": "T039180"
}
},
{
"category": "product_version",
"name": "10.2.7-h16",
"product": {
"name": "PaloAlto Networks PAN-OS 10.2.7-h16",
"product_id": "T039180-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:paloaltonetworks:pan-os:10.2.7-h16"
}
}
}
],
"category": "product_name",
"name": "PAN-OS"
}
],
"category": "vendor",
"name": "PaloAlto Networks"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-2550",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in PaloAlto Networks PAN-OS aufgrund einer Null-Pointer-Dereferenz-Schwachstelle. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, indem er ein speziell gestaltetes Paket sendet. Wiederholte Versuche, diesen Zustand auszul\u00f6sen, f\u00fchren dazu, dass die Firewall in den Wartungsmodus wechselt."
}
],
"product_status": {
"known_affected": [
"T039157",
"T039168",
"T039167",
"T039178",
"T039159",
"T039158",
"T039169",
"T039153",
"T039164",
"T039163",
"T039174",
"T039152",
"T039166",
"T039177",
"T039154",
"T039165",
"T039176",
"T039173",
"T039151",
"T039180"
]
},
"release_date": "2024-11-13T23:00:00.000+00:00",
"title": "CVE-2024-2550"
},
{
"cve": "CVE-2024-2551",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in PaloAlto Networks PAN-OS aufgrund einer Null-Pointer-Dereferenz-Schwachstelle. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, indem er ein manipuliertes Paket durch die Datenebene sendet."
}
],
"product_status": {
"known_affected": [
"T039164",
"T039163",
"T039166",
"T039165",
"T039154",
"T039162",
"T039168",
"T039157",
"T039167",
"T039159",
"T039158"
]
},
"release_date": "2024-11-13T23:00:00.000+00:00",
"title": "CVE-2024-2551"
},
{
"cve": "CVE-2024-2552",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in PaloAlto Networks PAN-OS aufgrund eines Befehlsinjektionsproblems. Ein lokaler Angreifer mit Administrator-Rechten kann diese Schwachstelle ausnutzen, um Dateien auf der Firewall zu l\u00f6schen."
}
],
"product_status": {
"known_affected": [
"T039157",
"T039179",
"T039167",
"T039178",
"T039158",
"T039169",
"T039153",
"T039164",
"T039174",
"T039152",
"T039177",
"T039154",
"T039165",
"T039176",
"T039171",
"T039160",
"T039162",
"T039173",
"T039151",
"T039172",
"T039161",
"T039180"
]
},
"release_date": "2024-11-13T23:00:00.000+00:00",
"title": "CVE-2024-2552"
},
{
"cve": "CVE-2024-5917",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in PaloAlto Networks PAN-OS. Das administrative Webinterface kann aufgrund eines Server-Side-Request- Forgery-Problems als Proxy verwendet werden. Ein anonymer Angreifer kann diese Schwachstelle ausnutzen, um interne Netzwerkressourcen einzusehen."
}
],
"product_status": {
"known_affected": [
"T039163",
"T039162",
"T039169"
]
},
"release_date": "2024-11-13T23:00:00.000+00:00",
"title": "CVE-2024-5917"
},
{
"cve": "CVE-2024-5918",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in PaloAlto Networks PAN-OS aufgrund einer unsachgem\u00e4\u00dfen Zertifikatsvalidierung. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um die erwarteten Sicherheits\u00fcberpr\u00fcfungen zu umgehen und sich als legitimer GlobalProtect-Benutzer auszugeben."
}
],
"product_status": {
"known_affected": [
"T039164",
"T039163",
"T039166",
"T039165",
"T039171",
"T039162",
"T039172",
"T039168",
"T039167"
]
},
"release_date": "2024-11-13T23:00:00.000+00:00",
"title": "CVE-2024-5918"
},
{
"cve": "CVE-2024-5919",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in PaloAlto Networks PAN-OS. Dieser Fehler ist auf eine unsachgem\u00e4\u00dfe Behandlung von XML-Eingaben zur\u00fcckzuf\u00fchren, bei der externe Entit\u00e4ten nicht ordnungsgem\u00e4\u00df validiert und neutralisiert werden, was zu einer blinden XML External Entity (XXE) Injection-Schwachstelle f\u00fchrt. Ein entfernter, authentisierter Angreifer mit hohen Rechten kann diese Schwachstelle ausnutzen, um sensible Dateien aus dem System zu exfiltrieren."
}
],
"product_status": {
"known_affected": [
"T039152",
"T039165",
"T039162",
"T039157",
"T039168",
"T039167",
"T039158"
]
},
"release_date": "2024-11-13T23:00:00.000+00:00",
"title": "CVE-2024-5919"
},
{
"cve": "CVE-2024-5920",
"notes": [
{
"category": "description",
"text": "Eine Cross-Site Scripting Schwachstelle wurde in PaloAlto Networks PAN-OS entdeckt. Dieses Problem wird durch unsachgem\u00e4\u00dfe Filterung der vom Benutzer bereitgestellten Daten vor der Anzeige der Eingaben verursacht. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Skriptcode im Sicherheitskontext einer betroffenen Site auszuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T039157",
"T039168",
"T039167",
"T039178",
"T039159",
"T039158",
"T039169",
"T039164",
"T039153",
"T039163",
"T039174",
"T039152",
"T039166",
"T039177",
"T039154",
"T039165",
"T039176",
"T039162",
"T039173",
"T039180"
]
},
"release_date": "2024-11-13T23:00:00.000+00:00",
"title": "CVE-2024-5920"
},
{
"cve": "CVE-2024-9472",
"notes": [
{
"category": "description",
"text": "Es besteht eine Schwachstelle in PaloAlto Networks PAN-OS. Dieser Fehler besteht aufgrund eines Nullzeiger-Dereferenzierungsproblems bei bestimmten Hardwareplattformen, wenn die Decryption Policy aktiviert ist, was zu einem Absturz f\u00fchrt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T039157",
"T039179",
"T039178",
"T039158",
"T039153",
"T039174",
"T039177",
"T039165",
"T039176",
"T039160",
"T039171",
"T039162",
"T039173",
"T039172",
"T039180"
]
},
"release_date": "2024-11-13T23:00:00.000+00:00",
"title": "CVE-2024-9472"
}
]
}
cve-2024-2552
Vulnerability from cvelistv5
Published
2024-11-14 09:39
Modified
2024-11-14 19:08
Severity ?
EPSS score ?
Summary
PAN-OS: Arbitrary File Delete Vulnerability in the Command Line Interface (CLI)
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2024-2552 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Palo Alto Networks | Cloud NGFW | |||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T18:58:28.794154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T19:08:21.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
},
{
"cpes": [
"cpe:2.3:o:paloaltonetworks:pan-os:11.2.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "11.2.4",
"status": "unaffected"
}
],
"lessThan": "11.2.4",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.5",
"status": "unaffected"
}
],
"lessThan": "11.1.5",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.0.6",
"status": "unaffected"
}
],
"lessThan": "11.0.6",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.12",
"status": "unaffected"
}
],
"lessThan": "10.2.12",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "10.1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bobby Storey"
}
],
"datePublic": "2024-11-13T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall."
}
],
"value": "A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T09:39:06.523Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-2552"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in PAN-OS 10.2.12, PAN-OS 11.0.6, PAN-OS 11.1.5, PAN-OS 11.2.4, and all later PAN-OS versions."
}
],
"value": "This issue is fixed in PAN-OS 10.2.12, PAN-OS 11.0.6, PAN-OS 11.1.5, PAN-OS 11.2.4, and all later PAN-OS versions."
}
],
"source": {
"defect": [
"PAN-261332"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-11-13T17:00:00.000Z",
"value": "Initial publication"
}
],
"title": "PAN-OS: Arbitrary File Delete Vulnerability in the Command Line Interface (CLI)",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWe strongly recommend customers to ensure access to your management interface is configured correctly in accordance with our recommended best practice deployment guidelines. In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. The vast majority of firewalls already follow this Palo Alto Networks and industry best practice.\u003c/p\u003ePlease see the following link for additional information regarding how to secure the management access of your palo alto networks device: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\"\u003ehttps://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431\u003c/a\u003e"
}
],
"value": "We strongly recommend customers to ensure access to your management interface is configured correctly in accordance with our recommended best practice deployment guidelines. In particular, we recommend that you ensure that access to the management interface is possible only from trusted internal IPs and not from the Internet. The vast majority of firewalls already follow this Palo Alto Networks and industry best practice.\n\nPlease see the following link for additional information regarding how to secure the management access of your palo alto networks device: https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-2552",
"datePublished": "2024-11-14T09:39:06.523Z",
"dateReserved": "2024-03-15T22:43:28.837Z",
"dateUpdated": "2024-11-14T19:08:21.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5919
Vulnerability from cvelistv5
Published
2024-11-14 09:36
Modified
2024-11-14 19:41
Severity ?
EPSS score ?
Summary
PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2024-5919 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Palo Alto Networks | Cloud NGFW | |||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T18:59:05.844837Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T19:41:04.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
},
{
"cpes": [
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "11.2.0"
},
{
"status": "unaffected",
"version": "11.1.0"
},
{
"changes": [
{
"at": "11.0.2",
"status": "unaffected"
}
],
"lessThan": "11.0.2",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.5",
"status": "unaffected"
}
],
"lessThan": "10.2.5",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.1.10",
"status": "unaffected"
}
],
"lessThan": "10.1.10",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dan Marin of Deloitte"
},
{
"lang": "en",
"type": "finder",
"value": "Cristian Mocanu of Deloitte"
},
{
"lang": "en",
"type": "finder",
"value": "Alex Hordijk"
}
],
"datePublic": "2024-11-13T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface."
}
],
"value": "A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-201",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-201 XML Entity Linking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T09:36:46.390Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5919"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in PAN-OS 10.1.10, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions."
}
],
"value": "This issue is fixed in PAN-OS 10.1.10, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions."
}
],
"source": {
"defect": [
"PAN-205062"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-11-13T17:00:00.000Z",
"value": "Initial publication"
}
],
"title": "PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5919",
"datePublished": "2024-11-14T09:36:46.390Z",
"dateReserved": "2024-06-12T15:27:57.328Z",
"dateUpdated": "2024-11-14T19:41:04.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-2551
Vulnerability from cvelistv5
Published
2024-11-14 09:36
Modified
2024-11-19 15:01
Severity ?
EPSS score ?
Summary
PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2024-2551 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Palo Alto Networks | Cloud NGFW | |||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2551",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T15:01:17.887695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T15:01:40.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
},
{
"cpes": [
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "11.2.0"
},
{
"status": "unaffected",
"version": "11.1.0"
},
{
"changes": [
{
"at": "11.0.5",
"status": "unaffected"
}
],
"lessThan": "11.0.5",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.4-h6",
"status": "unaffected"
},
{
"at": "10.2.5",
"status": "unaffected"
}
],
"lessThan": "10.2.4-h6",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.1.14",
"status": "unaffected"
}
],
"lessThan": "10.1.14",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "a customer"
}
],
"datePublic": "2024-11-13T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode."
}
],
"value": "A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T09:36:09.876Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-2551"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in PAN-OS 10.1.14, PAN-OS 10.2.4-h6, PAN-OS 10.2.5, PAN-OS 11.0.5, and all later PAN-OS versions."
}
],
"value": "This issue is fixed in PAN-OS 10.1.14, PAN-OS 10.2.4-h6, PAN-OS 10.2.5, PAN-OS 11.0.5, and all later PAN-OS versions."
}
],
"source": {
"defect": [
"PAN-223185"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-11-13T17:00:00.000Z",
"value": "Initial publication"
}
],
"title": "PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet"
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-2551",
"datePublished": "2024-11-14T09:36:09.876Z",
"dateReserved": "2024-03-15T22:43:27.814Z",
"dateUpdated": "2024-11-19T15:01:40.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5917
Vulnerability from cvelistv5
Published
2024-11-14 09:39
Modified
2024-11-14 19:35
Severity ?
EPSS score ?
Summary
PAN-OS: Server-Side Request Forgery in WildFire
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2024-5917 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Palo Alto Networks | Cloud NGFW | |||||
|
|||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:paloaltonetworks:cloud_ngfw:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_ngfw",
"vendor": "paloaltonetworks",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pan-os",
"vendor": "paloaltonetworks",
"versions": [
{
"status": "affected",
"version": "11.2.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pan-os",
"vendor": "paloaltonetworks",
"versions": [
{
"status": "affected",
"version": "11.1.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pan-os",
"vendor": "paloaltonetworks",
"versions": [
{
"status": "affected",
"version": "11.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pan-os",
"vendor": "paloaltonetworks",
"versions": [
{
"lessThan": "10.2.2",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
},
{
"lessThan": "10.1.7",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T18:58:18.463866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T19:35:37.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "11.2.0"
},
{
"status": "unaffected",
"version": "11.1.0"
},
{
"status": "unaffected",
"version": "11.0.0"
},
{
"changes": [
{
"at": "10.2.2",
"status": "unaffected"
}
],
"lessThan": "10.2.2",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.1.7",
"status": "unaffected"
}
],
"lessThan": "10.1.7",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Your network is impacted only if you enabled the WildFire Forwarding feature in your firewall. You can find this setting at Device \u2192 Setup \u2192 WildFire."
}
],
"value": "Your network is impacted only if you enabled the WildFire Forwarding feature in your firewall. You can find this setting at Device \u2192 Setup \u2192 WildFire."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Baker from AC3"
}
],
"datePublic": "2024-11-13T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A server-side request forgery in PAN-OS software enables an unauthenticated attacker to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible."
}
],
"value": "A server-side request forgery in PAN-OS software enables an unauthenticated attacker to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T09:39:40.266Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5917"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in PAN-OS 10.1.7, PAN-OS 10.2.2, and all later PAN-OS versions."
}
],
"value": "This issue is fixed in PAN-OS 10.1.7, PAN-OS 10.2.2, and all later PAN-OS versions."
}
],
"source": {
"defect": [
"PAN-115469"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-11-13T17:00:00.000Z",
"value": "Initial publication"
}
],
"title": "PAN-OS: Server-Side Request Forgery in WildFire"
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5917",
"datePublished": "2024-11-14T09:39:40.266Z",
"dateReserved": "2024-06-12T15:27:57.001Z",
"dateUpdated": "2024-11-14T19:35:37.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9472
Vulnerability from cvelistv5
Published
2024-11-14 09:34
Modified
2024-11-14 14:10
Severity ?
EPSS score ?
Summary
PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Traffic
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2024-9472 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Palo Alto Networks | Cloud NGFW |
Patch: All |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9472",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T14:09:59.075028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T14:10:30.404Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:paloaltonetworks:pan-os:11.2.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.2.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.2.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "11.2.2-h3",
"status": "unaffected"
},
{
"at": "11.2.3",
"status": "unaffected"
}
],
"lessThan": "11.2.2-h3",
"status": "affected",
"version": "11.2.2",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.2-h14",
"status": "unaffected"
},
{
"at": "11.1.3-h10",
"status": "unaffected"
}
],
"lessThan": "11.1.2-h14",
"status": "affected",
"version": "11.1.2-h9",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "11.0.0"
},
{
"changes": [
{
"at": "10.2.7-h16",
"status": "unaffected"
},
{
"at": "10.2.8-h13",
"status": "unaffected"
},
{
"at": "10.2.9-14",
"status": "unaffected"
},
{
"at": "10.2.10-h7",
"status": "unaffected"
},
{
"at": "10.2.11-h4",
"status": "unaffected"
}
],
"lessThan": "10.2.7-h16",
"status": "affected",
"version": "10.2.7-h12",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "10.1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is only applicable firewalls where url proxy or any decrypt-policy is configured.\u003cbr\u003e\u003cbr\u003eWhen any decrypt policy is configured, this issue may be encountered regardless of whether traffic matches explicit decrypt, explicit no-decrypt, or none of the decryption policies.\u003cbr\u003e"
}
],
"value": "This issue is only applicable firewalls where url proxy or any decrypt-policy is configured.\n\nWhen any decrypt policy is configured, this issue may be encountered regardless of whether traffic matches explicit decrypt, explicit no-decrypt, or none of the decryption policies."
}
],
"datePublic": "2024-11-13T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eA null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003ePalo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eThis issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS:\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e10.2.7-h12\u003c/li\u003e\u003cli\u003e10.2.8-h10\u003c/li\u003e\u003cli\u003e10.2.9-h9\u003c/li\u003e\u003cli\u003e10.2.9-h11\u003c/li\u003e\u003cli\u003e10.2.10-h2\u003c/li\u003e\u003cli\u003e10.2.10-h3\u003c/li\u003e\u003cli\u003e10.2.11\u003c/li\u003e\u003cli\u003e10.2.11-h1\u003c/li\u003e\u003cli\u003e10.2.11-h2\u003c/li\u003e\u003cli\u003e10.2.11-h3\u003c/li\u003e\u003cli\u003e11.1.2-h9\u003c/li\u003e\u003cli\u003e11.1.2-h12\u003c/li\u003e\u003cli\u003e11.1.3-h2\u003c/li\u003e\u003cli\u003e11.1.3-h4\u003c/li\u003e\u003cli\u003e11.1.3-h6\u003c/li\u003e\u003cli\u003e11.2.2\u003c/li\u003e\u003cli\u003e11.2.2-h1\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
}
],
"value": "A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.\n\n\nPalo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected.\n\n\nThis issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS:\n\n * 10.2.7-h12\n * 10.2.8-h10\n * 10.2.9-h9\n * 10.2.9-h11\n * 10.2.10-h2\n * 10.2.10-h3\n * 10.2.11\n * 10.2.11-h1\n * 10.2.11-h2\n * 10.2.11-h3\n * 11.1.2-h9\n * 11.1.2-h12\n * 11.1.3-h2\n * 11.1.3-h4\n * 11.1.3-h6\n * 11.2.2\n * 11.2.2-h1"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. However, customers have reported encountering this issue during normal operations."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue. However, customers have reported encountering this issue during normal operations."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T09:34:22.665Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-9472"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in PAN-OS 10.2.7-h16, PAN-OS 10.2.8-h13, PAN-OS 10.2.9-h14, PAN-OS 10.2.10-h7, PAN-OS 10.2.11-h4, PAN-OS 11.1.2-h14, PAN-OS 11.1.3-h10, PAN-OS 11.2.2-h3, PAN-OS 11.2.3, and all later PAN-OS versions."
}
],
"value": "This issue is fixed in PAN-OS 10.2.7-h16, PAN-OS 10.2.8-h13, PAN-OS 10.2.9-h14, PAN-OS 10.2.10-h7, PAN-OS 10.2.11-h4, PAN-OS 11.1.2-h14, PAN-OS 11.1.3-h10, PAN-OS 11.2.2-h3, PAN-OS 11.2.3, and all later PAN-OS versions."
}
],
"source": {
"defect": [
"PAN-262287",
"PAN-226361"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-11-13T17:00:00.000Z",
"value": "Initial publication"
}
],
"title": "PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Traffic",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue does not impact firewalls that do not have url proxy or any decrypt-policy configured.\u003cbr\u003e\u003cbr\u003eThe issue can be completely mitigated by setting this option:\u003cbr\u003e\u003cbr\u003eset system setting ctd nonblocking-pattern-match disable"
}
],
"value": "This issue does not impact firewalls that do not have url proxy or any decrypt-policy configured.\n\nThe issue can be completely mitigated by setting this option:\n\nset system setting ctd nonblocking-pattern-match disable"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-9472",
"datePublished": "2024-11-14T09:34:22.665Z",
"dateReserved": "2024-10-03T11:35:18.693Z",
"dateUpdated": "2024-11-14T14:10:30.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-2550
Vulnerability from cvelistv5
Published
2024-11-14 09:40
Modified
2024-11-14 14:11
Severity ?
EPSS score ?
Summary
PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway Using a Specially Crafted Packet
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2024-2550 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Palo Alto Networks | Cloud NGFW | |||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2550",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T14:11:13.254898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T14:11:24.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
},
{
"cpes": [
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "11.2.0"
},
{
"changes": [
{
"at": "11.1.5",
"status": "unaffected"
}
],
"lessThan": "11.1.5",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.0.6",
"status": "unaffected"
}
],
"lessThan": "11.0.6",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.11",
"status": "unaffected"
}
],
"lessThan": "10.2.11",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "10.1.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue impacts only firewalls on which you configured a GlobalProtect gateway. You can verify whether you configured GlobalProtect gateway by checking for entries in your firewall web interface (Network \u2192 GlobalProtect \u2192 Gateways)."
}
],
"value": "This issue impacts only firewalls on which you configured a GlobalProtect gateway. You can verify whether you configured GlobalProtect gateway by checking for entries in your firewall web interface (Network \u2192 GlobalProtect \u2192 Gateways)."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Baker from AC3"
}
],
"datePublic": "2024-11-13T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode."
}
],
"value": "A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T09:40:38.838Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-2550"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in PAN-OS 10.2.11, PAN-OS 11.0.6, PAN-OS 11.1.5, and all later PAN-OS versions."
}
],
"value": "This issue is fixed in PAN-OS 10.2.11, PAN-OS 11.0.6, PAN-OS 11.1.5, and all later PAN-OS versions."
}
],
"source": {
"defect": [
"PAN-244950",
"PAN-221352"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-11-13T17:00:00.000Z",
"value": "Initial publication"
}
],
"title": "PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway Using a Specially Crafted Packet"
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-2550",
"datePublished": "2024-11-14T09:40:38.838Z",
"dateReserved": "2024-03-15T22:43:26.399Z",
"dateUpdated": "2024-11-14T14:11:24.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5918
Vulnerability from cvelistv5
Published
2024-11-14 09:38
Modified
2024-11-14 19:35
Severity ?
EPSS score ?
Summary
PAN-OS: Improper Certificate Validation Enables Impersonation of a Legitimate GlobalProtect User
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2024-5918 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Palo Alto Networks | Cloud NGFW | |||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T18:58:52.114662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T19:35:53.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
},
{
"cpes": [
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "11.2.0"
},
{
"status": "unaffected",
"version": "11.1.0"
},
{
"changes": [
{
"at": "11.0.3",
"status": "unaffected"
}
],
"lessThan": "11.0.3",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.4-h5",
"status": "unaffected"
}
],
"lessThan": "10.2.4-h5",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.1.11",
"status": "unaffected"
}
],
"lessThan": "10.1.11",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue impacts only firewalls on which you configured a GlobalProtect portal or GlobalProtect gateway to use Client Certificate Authentication and you set the \"Allow Authentication with User Credentials OR Client Certificate\" option to \"Yes\".\u003c/p\u003e\u003cp\u003eYou can verify whether you configured GlobalProtect portal or gateway by checking for entries in your firewall web interface (Network \u2192 GlobalProtect \u2192 Portals or Network \u2192 GlobalProtect \u2192 Gateways).\u003c/p\u003e\u003cp\u003eIf you do have GlobalProtect portals or gateways in your configuration, then you can verify whether you configured Client Certificate Authentication on these portals and gateways by checking your firewall web interface (Network \u2192 GlobalProtect \u2192 Portals \u2192 (portal-config) \u2192 Authentication or Network \u2192 GlobalProtect \u2192 Gateways \u2192 (gateway-config) \u2192 Authentication).\u003c/p\u003e"
}
],
"value": "This issue impacts only firewalls on which you configured a GlobalProtect portal or GlobalProtect gateway to use Client Certificate Authentication and you set the \"Allow Authentication with User Credentials OR Client Certificate\" option to \"Yes\".\n\nYou can verify whether you configured GlobalProtect portal or gateway by checking for entries in your firewall web interface (Network \u2192 GlobalProtect \u2192 Portals or Network \u2192 GlobalProtect \u2192 Gateways).\n\nIf you do have GlobalProtect portals or gateways in your configuration, then you can verify whether you configured Client Certificate Authentication on these portals and gateways by checking your firewall web interface (Network \u2192 GlobalProtect \u2192 Portals \u2192 (portal-config) \u2192 Authentication or Network \u2192 GlobalProtect \u2192 Gateways \u2192 (gateway-config) \u2192 Authentication)."
}
],
"datePublic": "2024-11-13T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you \"Allow Authentication with User Credentials OR Client Certificate.\""
}
],
"value": "An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you \"Allow Authentication with User Credentials OR Client Certificate.\""
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-151",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-151 Identity Spoofing"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/AU:N/R:A/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T09:38:29.319Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5918"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.4-h5, PAN-OS 10.2.5, PAN-OS 11.0.3, and all later PAN-OS versions."
}
],
"value": "This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.4-h5, PAN-OS 10.2.5, PAN-OS 11.0.3, and all later PAN-OS versions."
}
],
"source": {
"defect": [
"PAN-216947"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-11-13T17:00:00.000Z",
"value": "Initial publication"
}
],
"title": "PAN-OS: Improper Certificate Validation Enables Impersonation of a Legitimate GlobalProtect User",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "You can mitigate this issue by setting the \"Allow Authentication with User Credentials OR Client Certificate\" option to \"No.\" Additional information is available here:\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-portals/globalprotect-portals-authentication-configuration-tab\"\u003e\u003c/a\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-portals/globalprotect-portals-authentication-configuration-tab\"\u003ehttps://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-portals/globalprotect-portals-authentication-configuration-tab\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cdiv\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-gateways/globalprotect-gateway-authentication-tab\"\u003e\u003c/a\u003e\u003cdiv\u003e\u003cdiv\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-gateways/globalprotect-gateway-authentication-tab\"\u003ehttps://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-gateways/globalprotect-gateway-authentication-tab\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-gateways/globalprotect-gateway-authentication-tab\"\u003e\u003c/a\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
}
],
"value": "You can mitigate this issue by setting the \"Allow Authentication with User Credentials OR Client Certificate\" option to \"No.\" Additional information is available here:\n https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-portals/globalprotect-portals-authentication-configuration-tab \n * https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-gateways/globalprotect-gateway-authentication-tab https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-globalprotect-gateways/globalprotect-gateway-authentication-tab"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5918",
"datePublished": "2024-11-14T09:38:29.319Z",
"dateReserved": "2024-06-12T15:27:57.173Z",
"dateUpdated": "2024-11-14T19:35:53.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5920
Vulnerability from cvelistv5
Published
2024-11-14 09:40
Modified
2024-11-14 19:35
Severity ?
EPSS score ?
Summary
PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in PAN-OS Enables Impersonation of a Legitimate Administrator
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.paloaltonetworks.com/CVE-2024-5920 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Palo Alto Networks | Cloud NGFW | |||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T18:57:37.177943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T19:35:21.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
},
{
"cpes": [
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h14:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.5:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.6:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.5:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.13:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.12:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.11:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.10:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h8:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h7:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:-:*:*:*:*:*:*",
"cpe:2.3:o:paloaltonetworks:pan-os:10.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "11.2.0"
},
{
"changes": [
{
"at": "11.1.4",
"status": "unaffected"
}
],
"lessThan": "11.1.4",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.0.6",
"status": "unaffected"
}
],
"lessThan": "11.0.6",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.11",
"status": "unaffected"
}
],
"lessThan": "10.2.11",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.1.14",
"status": "unaffected"
}
],
"lessThan": "10.1.14",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kajetan Rostojek"
}
],
"datePublic": "2024-11-13T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator\u0027s browser."
}
],
"value": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator\u0027s browser."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T09:40:14.513Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-5920"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in PAN-OS 10.1.14, PAN-OS 10.2.11, PAN-OS 11.0.6, PAN-OS 11.1.4, and all later PAN-OS versions."
}
],
"value": "This issue is fixed in PAN-OS 10.1.14, PAN-OS 10.2.11, PAN-OS 11.0.6, PAN-OS 11.1.4, and all later PAN-OS versions."
}
],
"source": {
"defect": [
"PAN-222484"
],
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-11-13T17:00:00.000Z",
"value": "Initial publication"
}
],
"title": "PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in PAN-OS Enables Impersonation of a Legitimate Administrator"
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2024-5920",
"datePublished": "2024-11-14T09:40:14.513Z",
"dateReserved": "2024-06-12T15:27:57.515Z",
"dateUpdated": "2024-11-14T19:35:21.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.