CVE-2024-5914 Cortex XSOAR: Command Injection in CommonScripts Pack
Description
A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Cortex XSOAR CommonScripts | < 1.12.33 | >= 1.12.33 |
Required Configuration for Exposure
To be exposed, an integration must make use of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack.
Severity: HIGH
CVSSv4.0 Base Score: 7 (CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:N/AU:N/R:U/V:D/RE:M/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Weakness Type
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Solution
This issue is fixed in Cortex XSOAR CommonScripts 1.12.33 and all later versions.
Workarounds and Mitigations
Remove any integration usage of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack.
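
To apply the exposure condition and the workaround above, an administrator needs to know whether the installed pack predates 1.12.33 and where the two scripts are referenced. The following is an added example, not code from Palo Alto Networks or the advisory: it assumes exported playbooks and scripts are available as text, and the sample file names and contents are constructed for illustration.

```python
import re

# Values taken from the advisory.
FIXED_VERSION = (1, 12, 33)  # first unaffected CommonScripts version
AFFECTED_SCRIPTS = ("ScheduleGenericPolling", "GenericPollingScheduledTask")
# Match whole identifiers only, so a differently named script is not reported.
_REF = re.compile(r"(?<![A-Za-z0-9_])(%s)(?![A-Za-z0-9_])" % "|".join(AFFECTED_SCRIPTS))

def parse_version(text):
    """Turn 'X.Y.Z' into a tuple of ints; comparing the raw strings would
    rank '1.12.4' above '1.12.33'."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError("expected X.Y.Z, got %r" % text)
    return tuple(int(p) for p in parts)

def pack_is_affected(version):
    return parse_version(version) < FIXED_VERSION

def find_script_references(documents):
    """documents maps a file name to its text; returns (file, line, script)."""
    hits = []
    for name in sorted(documents):
        for line_no, line in enumerate(documents[name].splitlines(), 1):
            hits.extend((name, line_no, m.group(1)) for m in _REF.finditer(line))
    return hits

def exposure_report(version, documents):
    refs = find_script_references(documents)
    affected = pack_is_affected(version)
    return {"pack_affected": affected, "references": refs,
            "exposed": affected and bool(refs)}

# Constructed sample content (not real playbooks); the layout is an assumption.
SAMPLE = {
    "playbook-A.yml": "tasks:\n  '1':\n    task:\n      scriptName: ScheduleGenericPolling\n",
    "playbook-B.yml": "tasks:\n  '1':\n    task:\n      scriptName: Print\n",
    "script-C.yml": "# calls GenericPollingScheduledTask\nname: MyScheduleGenericPollingWrapper\n",
}

if __name__ == "__main__":
    report = exposure_report("1.12.32", SAMPLE)
    for ref in report["references"]:
        print("%s:%d references %s" % ref)
    print("exposed:", report["exposed"])
```

A reported reference is a lead to review, since the text scan cannot tell whether the referencing content is actually used by an integration.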