- 282/2024
- Critical
Palo Alto has released security updatesto fix multiple vulnerabilities across several Palo Alto products.
The addressed vulnerabilities could allow the attacker to gain elevated privileges, perform denial of service attacks, conduct reflected XSS attacks, obtain sensitive information, bypass security restrictions or execute arbitrary commands, and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. Unauthenticated OS Command Injection Vulnerability (CVE-2024-9463):
- CVSS: 9.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. PAN-OS Firewall Denial of Service (DoS) via Maliciously Crafted Packet Vulnerability (CVE-2024-9468):
- CVSS: 8.2
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
The affected products:
- PAN-OS.
- Cortex XSOAR.
- Cortex XDR.
- GlobalProtect App.
Vulnerabilities
- CVE-2024-9463
- CVE-2024-9464
- CVE-2024-9465
- CVE-2024-9466
- CVE-2024-9467
- CVE-2024-9468
- CVE-2024-9469
- CVE-2024-9470
- CVE-2024-9471
- CVE-2024-9473
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.