CVE-2024-5913
PAN-OS: Improper Input Validation Vulnerability in PAN-OS
Severity Score
5.4
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.
An improper input validation vulnerability in Palo Alto Networks PAN-OS software allows an attacker to tamper with the physical file system to elevate privileges.
*Credits:
Independent Security Researcher Pear1y, Joel Land of CISA Vulnerability Response and Coordination, rqu, Enrique Castillo of Palo Alto Networks
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision: Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-06-12 CVE Reserved
- 2024-07-10 CVE Published
- 2024-07-11 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
- CAPEC-153: Input Data Manipulation
References (1)
URL | Tag | Source |
---|---|---|
https://security.paloaltonetworks.com/CVE-2024-5913 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Palo Alto Networks | PAN-OS | >= 10.2.0 < 10.2.10 | en | Affected |
Palo Alto Networks | PAN-OS | >= 11.0.0 < 11.0.5 | en | Affected |
Palo Alto Networks | PAN-OS | >= 11.1.0 < 11.1.4 | en | Affected |
Palo Alto Networks | PAN-OS | >= 11.2.0 < 11.2.1 | en | Affected |
Palo Alto Networks | Cloud NGFW | <= | en | Affected |
Palo Alto Networks | Prisma Access | <= | en | Affected |