CVE-2024-5913 PAN-OS: Improper Input Validation Vulnerability in PAN-OS
CVSS 4.0 Metric | Value |
---|---|
Attack Vector | PHYSICAL |
Attack Complexity | LOW |
Attack Requirements | PRESENT |
Privileges Required | HIGH |
User Interaction | NONE |
Product Confidentiality | HIGH |
Product Integrity | HIGH |
Product Availability | HIGH |
Subsequent Confidentiality | NONE |
Subsequent Integrity | NONE |
Subsequent Availability | NONE |
Automatable | NO |
Recovery | USER |
Value Density | DIFFUSE |
Response Effort | MODERATE |
Description
An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.
Product Status
Versions | Affected | Unaffected |
---|---|---|
Cloud NGFW | None | All |
PAN-OS 11.2 | < 11.2.1 | >= 11.2.1 |
PAN-OS 11.1 | < 11.1.4 | >= 11.1.4 |
PAN-OS 11.0 | < 11.0.5 | >= 11.0.5 |
PAN-OS 10.2 | < 10.2.10 | >= 10.2.10 |
PAN-OS 10.1 | < 10.1.14-h2 | >= 10.1.14-h2 |
Prisma Access | None | All |
Severity: MEDIUM, Suggested Urgency: MODERATE
CVSS-B: 5.4 (CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type
CWE-20 Improper Input Validation
Solution
This issue is fixed in PAN-OS 10.1.14-h2, PAN-OS 10.2.10, PAN-OS 11.0.5, PAN-OS 11.1.4, PAN-OS 11.2.1, and all later PAN-OS versions.
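To check whether a given PAN-OS version falls inside the affected ranges listed in the Product Status table, the following added example (not Palo Alto Networks' code) encodes the fixed versions from this advisory and parses the MAJOR.MINOR.MAINT[-hN] form used there. It assumes a missing hotfix suffix sorts before any `-hN` hotfix of the same maintenance release, and reports branches the advisory does not list as unknown rather than guessing.

```python
import re

# First fixed version per PAN-OS branch, taken from the advisory's Solution section.
FIXED_BY_BRANCH = {
    (10, 1): "10.1.14-h2",
    (10, 2): "10.2.10",
    (11, 0): "11.0.5",
    (11, 1): "11.1.4",
    (11, 2): "11.2.1",
}
NEWEST_LISTED_BRANCH = max(FIXED_BY_BRANCH)

# MAJOR.MINOR.MAINT with an optional "-hN" hotfix suffix (e.g. 10.1.14-h2).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Return (major, minor, maint, hotfix) for a PAN-OS version string.

    Assumption: a missing hotfix counts as 0, so 10.1.14 < 10.1.14-h1 < 10.1.14-h2.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = match.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def is_affected(text):
    """True if the version is in the advisory's affected range, False if fixed,
    None if the branch is not covered by the advisory's table."""
    version = parse_version(text)
    branch = version[:2]
    if branch in FIXED_BY_BRANCH:
        return version < parse_version(FIXED_BY_BRANCH[branch])
    if branch > NEWEST_LISTED_BRANCH:
        # "all later PAN-OS versions" are fixed per the Solution section.
        return False
    return None  # older branches are not listed; do not guess


if __name__ == "__main__":
    for v in ("10.1.14-h1", "10.1.14-h2", "11.2.0", "12.0.0", "10.0.5"):
        print(v, "->", is_affected(v))
```

Note that 10.1.14 without the -h2 hotfix still reports as affected, which is the case the hotfix-suffixed fix version in the table is easy to misread.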
Acknowledgments
Palo Alto Networks thanks Independent Security Researcher Pear1y, Joel Land of CISA Vulnerability Response and Coordination, rqu, Niceclear, Abyss Watcher, and Enrique Castillo of Palo Alto Networks for discovering and reporting this issue.
Timeline
Initial publication