Palo Alto Networks Security Advisories / CVE-2024-5914

CVE-2024-5914 Cortex XSOAR: Command Injection in CommonScripts Pack

Urgency MODERATE

Severity 7 · HIGH
Response Effort MODERATE
Recovery USER
Value Density DIFFUSE
Attack Vector NETWORK
Attack Complexity HIGH
Attack Requirements PRESENT
Automatable NO
User Interaction NONE
Product Confidentiality LOW
Product Integrity LOW
Product Availability LOW
Privileges Required NONE
Subsequent Confidentiality HIGH
Subsequent Integrity HIGH
Subsequent Availability NONE

Description

A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.

Product Status

Versions                      Affected     Unaffected
Cortex XSOAR CommonScripts    < 1.12.33    >= 1.12.33

Required Configuration for Exposure

To be exposed, an integration must make use of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack.

Severity: HIGH, Suggested Urgency: MODERATE

CVSS-B: 7.0 (CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:N/AU:N/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Solution

This issue is fixed in Cortex XSOAR CommonScripts 1.12.33 and all later versions.

Workarounds and Mitigations

Remove any integration usage of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack.
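
An exposure check that combines the two conditions stated in this advisory (CommonScripts pack below 1.12.33, and use of either named script), as an added example that is not Palo Alto Networks code. It assumes custom playbooks and automations have been exported as text files in which the script names appear literally; the file names and contents in the sample are constructed.

```python
import re

FIXED = (1, 12, 33)  # first unaffected CommonScripts version, per this advisory
AFFECTED_SCRIPTS = ("ScheduleGenericPolling", "GenericPollingScheduledTask")
# Match the names as whole identifiers so a longer name that merely contains
# one of them is not reported.
_SCRIPT_RE = re.compile(r"(?<![\w-])(%s)(?![\w-])" % "|".join(AFFECTED_SCRIPTS))

# Constructed sample: exported content keyed by file name (assumed layout).
SAMPLE_CONTENT = {
    "playbook-poll-scan.yml": "task:\n  scriptName: ScheduleGenericPolling\n",
    "playbook-enrich.yml": "task:\n  scriptName: MyScheduleGenericPollingHelper\n",
    "automation-wrapper.py": 'demisto.executeCommand("GenericPollingScheduledTask", args)\n',
}


def parse_version(text):
    """Turn '1.12.9' into (1, 12, 9) so versions compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError("unexpected pack version: %r" % text)
    return tuple(int(p) for p in parts)


def pack_is_affected(version_text):
    """True when the installed pack predates the fixed release."""
    return parse_version(version_text) < FIXED


def script_references(content):
    """Map each file name to the sorted affected script names it mentions."""
    hits = {}
    for name, body in content.items():
        found = sorted(set(_SCRIPT_RE.findall(body)))
        if found:
            hits[name] = found
    return hits


def assess(version_text, content):
    """Exposure needs both an affected pack and a reference to the scripts."""
    affected = pack_is_affected(version_text)
    refs = script_references(content)
    return {"pack_affected": affected, "references": refs,
            "exposed": affected and bool(refs)}


if __name__ == "__main__":
    print(assess("1.12.9", SAMPLE_CONTENT))
```

Comparing versions as integer tuples matters here: as plain strings, "1.12.9" would sort after "1.12.33" and an affected pack would be reported as fixed.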

Acknowledgments

Palo Alto Networks thanks Othmar Lechner for discovering and reporting this issue.

Timeline

Initial publication