Attackers can elevate privileges by tampering with physical file system

CVE-2024-5913

6.1MEDIUM

Key Information

Vendor: Palo Alto Networks
Status: Pan-os; Cloud Ngfw; Prisma Access
Vendor: CVE Published:; 10 July 2024

Badges

👾 Exploit Exists

Summary

An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.

Affected Version(s)

PAN-OS < 10.1.14-h2

PAN-OS < 10.2.10

PAN-OS < 11.0.5

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 6.1 - (MEDIUM)
Aug 6, 2024
Initial publication
Jul 10, 2024
Vulnerability published.
Jul 10, 2024
Vulnerability Reserved.
Jun 12, 2024
👾
Exploit exists.
Jan 1, 1970

Collectors

NVD DatabaseMitre Database

Credit

Independent Security Researcher Pear1y

Joel Land of CISA Vulnerability Response and Coordination

rqu

Enrique Castillo of Palo Alto Networks