Unauthenticated Command Injection Vulnerability in Palo Alto Networks Cortex XSOAR CommonScripts Pack
CVE-2024-5914

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 14 August 2024

Summary

A command injection vulnerability exists within the Palo Alto Networks Cortex XSOAR CommonScripts Pack. This issue enables unauthenticated attackers to execute arbitrary commands in the context of an integration container, potentially compromising the integrity and security of the application. The vulnerability underscores the importance of secure coding practices in developing integrations for security solutions, as any exploitation may lead to unauthorized actions that could affect the broader security posture of an organization.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
