- 232/2024
- High
Palo Alto has released security updates to fix multiple vulnerabilities across several Palo Alto products.
The addressed vulnerabilities could allow the attacker to gain elevated privileges, conduct information disclosure, or execute arbitrary commands and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Palo Alto Cortex XSOAR Command Injection in CommonScripts Pack Vulnerability (CVE-2024-5914):
- CVSS: 7
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Palo Alto PAN-OS Cleartext Exposure of External System Secrets Vulnerability (CVE-2024-5916):
- CVSS: 6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Passive
- Consequences: Obtain Information
Affected products:
- PAN-OS.
- Cortex XSOAR.
- GlobalProtect App.
- Cloud NGFW.
- Prisma Access.
- Cortex XSOAR CommonScripts.
Vulnerabilities
- CVE-2024-5914
- CVE-2024-5915
- CVE-2024-5916
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.