Unauthenticated Server-Side Request Forgery Attack on PAN-OS Software Allows Proxy Access to Internal Network Resources
CVE-2024-5917
Currently unrated 🤨
Key Information
- Vendor
- Palo Alto Networks
- Status
- Cloud Ngfw
- Pan-os
- Vendor
- CVE Published:
- 14 November 2024
Badges
👾 Exploit Exists
Summary
A server-side request forgery in PAN-OS software enables an unauthenticated attacker to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible.
Affected Version(s)
Cloud NGFW >= All
PAN-OS >= 11.2.0
PAN-OS >= 11.1.0
Refferences
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
Michael Baker from AC3