- 201/2024
- Critical
Palo Alto has released security updates to fix multiple vulnerabilities across several Palo Alto products.
The addressed vulnerabilities could allow the attacker to elevate privilege to root access, bypass security restrictions, execute untrusted software without being detected or blocked, and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Palo Alto Expedition Missing Authentication Vulnerability (CVE-2024-5910):
- CVSS: 9.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Palo Alto Cortex XDR Agent Improper File Signature Verification Checks Vulnerability (CVE-2024-5912):
- CVSS: 6.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Bypass Security
Sample of the affected products:
- Cloud NGFW.
- PAN-OS.
- Cortex XDR Agent.
- Prisma Access.
- Palo Alto Expedition and Palo Alto Expedition VM.
Vulnerabilities
- CVE-2024-3596
- CVE-2024-5913
- CVE-2024-5912
- CVE-2024-5911
- CVE-2024-5910
- CVE-2024-5909
- CVE-2024-5908
- CVE-2024-5907
- CVE-2024-5906
- CVE-2024-5905
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.