CVE-2024-5913 | THREATINT

Description

An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.

PUBLISHED Reserved 2024-06-12 | Published 2024-07-10 | Updated 2024-08-06 | Assigner palo_alto

MEDIUM: 6.1CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-20 Improper Input Validation

Product status

Default status

unaffected

10.1.0 (custom) before 10.1.14-h2

affected

10.2.0 (custom) before 10.2.10

affected

11.0.0 (custom) before 11.0.5

affected

11.1.0 (custom) before 11.1.4

affected

11.2.0 (custom) before 11.2.1

affected

Default status

unaffected

None

affected

All

unaffected

Default status

unaffected

None

affected

All

unaffected

Timeline

2024-07-10:

Initial publication

Credits

Independent Security Researcher Pear1y finder

Joel Land of CISA Vulnerability Response and Coordination finder

rqu finder

Enrique Castillo of Palo Alto Networks finder

References

security.paloaltonetworks.com/CVE-2024-5913

cve.org (CVE-2024-5913)

nvd.nist.gov (CVE-2024-5913)

Download JSON