Attackers can elevate privileges by tampering with physical file system

CVE-2024-5913

6.1MEDIUM

Key Information

Status
Pan-os
Cloud Ngfw
Prisma Access
Vendor
CVE Published:
10 July 2024

Badges

đź‘ľ Exploit Exists

Summary

An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.

Affected Version(s)

PAN-OS < 10.1.14-h2

PAN-OS < 10.2.10

PAN-OS < 11.0.5

Refferences

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Independent Security Researcher Pear1y
Joel Land of CISA Vulnerability Response and Coordination
rqu
Enrique Castillo of Palo Alto Networks
.