CVE-2024-5913 PAN-OS: Improper Input Validation Vulnerability in PAN-OS
| CVSS v4.0 metric | Value |
|---|---|
| Urgency | MODERATE |
| Response Effort | MODERATE |
| Recovery | USER |
| Value Density | DIFFUSE |
| Attack Vector | PHYSICAL |
| Attack Complexity | LOW |
| Attack Requirements | PRESENT |
| Automatable | NO |
| User Interaction | NONE |
| Product Confidentiality | HIGH |
| Product Integrity | HIGH |
| Product Availability | HIGH |
| Privileges Required | HIGH |
| Subsequent Confidentiality | NONE |
| Subsequent Integrity | NONE |
| Subsequent Availability | NONE |
Description
An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
Cloud NGFW | None | All |
PAN-OS 11.2 | < 11.2.1 | >= 11.2.1 |
PAN-OS 11.1 | < 11.1.4 | >= 11.1.4 |
PAN-OS 11.0 | < 11.0.5 | >= 11.0.5 |
PAN-OS 10.2 | < 10.2.10 | >= 10.2.10 |
PAN-OS 10.1 | < 10.1.14-h2 | >= 10.1.14-h2 |
Prisma Access | None | All |
Severity: MEDIUM
CVSSv4.0 Base Score: 5.4 (CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type
CWE-20 Improper Input Validation
Solution
This issue is fixed in PAN-OS 10.1.14-h2, PAN-OS 10.2.10, PAN-OS 11.0.5, PAN-OS 11.1.4, PAN-OS 11.2.1, and all later PAN-OS versions.
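The Product Status table above turns a fleet inventory into an upgrade list only if version strings are compared correctly, and PAN-OS hotfix releases such as 10.1.14-h2 make naive string comparison unreliable (10.1.14 and 10.1.14-h1 are affected, 10.1.14-h2 is not). The following is an added example, not code from Palo Alto Networks or this advisory: it encodes the fixed releases from the table, parses `MAJOR.MINOR.MAINT[-hN]` strings, and triages a constructed inventory. It assumes the usual PAN-OS ordering in which a `-hN` hotfix sorts above the base maintenance release it patches; feature trains not listed in the table (for example 10.0) are reported as not covered rather than guessed at.

```python
import re

# First fixed release per feature train, taken from the advisory's
# Product Status table for CVE-2024-5913. Cloud NGFW and Prisma Access
# are listed as not affected and need no version check.
FIXED_RELEASES = {
    "11.2": "11.2.1",
    "11.1": "11.1.4",
    "11.0": "11.0.5",
    "10.2": "10.2.10",
    "10.1": "10.1.14-h2",
}

# MAJOR.MINOR.MAINT with an optional -hN hotfix suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(version):
    """Parse a PAN-OS version string into a comparable tuple.

    Assumption: a hotfix (-hN) sorts above the base release it patches,
    so 10.1.14 < 10.1.14-h1 < 10.1.14-h2 < 10.1.15.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix) if hotfix else 0)


def is_affected(version):
    """True if the version is below the fixed release for its train,
    False if it is at or above it, None if the train is not in the table."""
    parsed = parse_version(version)
    train = f"{parsed[0]}.{parsed[1]}"
    fixed = FIXED_RELEASES.get(train)
    if fixed is None:
        return None
    return parsed < parse_version(fixed)


# Constructed inventory for the example: "<hostname> <pan-os version>" per line.
INVENTORY = """fw-edge-01 10.1.14-h1
fw-edge-02 10.2.10
fw-dc-01 11.1.3
fw-lab-01 10.0.12"""


def triage(inventory_text):
    """Return (host, version, verdict, fixed_release) for each inventory line."""
    rows = []
    for line in inventory_text.splitlines():
        host, version = line.split()
        status = is_affected(version)
        train = ".".join(version.split(".")[:2])
        if status is None:
            rows.append((host, version, "not in table", None))
        elif status:
            rows.append((host, version, "affected", FIXED_RELEASES[train]))
        else:
            rows.append((host, version, "fixed", FIXED_RELEASES[train]))
    return rows


if __name__ == "__main__":
    for host, version, verdict, fixed in triage(INVENTORY):
        target = f" -> upgrade to {fixed}" if verdict == "affected" else ""
        print(f"{host:12} {version:12} {verdict}{target}")
```

The hotfix tuple element is the detail worth keeping: dropping it would either miss 10.1.14-h1 as affected or wrongly flag 10.1.14-h2, and a lexical string compare would put 10.2.9 after 10.2.10.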
Acknowledgments
Palo Alto Networks thanks Independent Security Researcher Pear1y, Joel Land of CISA Vulnerability Response and Coordination, rqu, Niceclear, Abyss Watcher, and Enrique Castillo of Palo Alto Networks for discovering and reporting this issue.
Timeline
Initial publication