Unauthenticated Server-Side Request Forgery Attack on PAN-OS Software Allows Proxy Access to Internal Network Resources

CVE-2024-5917

Currently unrated 🤨

Key Information

Vendor: Palo Alto Networks
Status: Cloud Ngfw; Pan-os
Vendor: CVE Published:; 14 November 2024

Badges

👾 Exploit Exists

Summary

A server-side request forgery in PAN-OS software enables an unauthenticated attacker to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible.

Affected Version(s)

Cloud NGFW >= All

PAN-OS >= 11.2.0

PAN-OS >= 11.1.0

Timeline

Vulnerability published.
Nov 14, 2024
Vulnerability Reserved.
Jun 12, 2024
👾
Exploit exists.
Jan 1, 1970

Collectors

NVD DatabaseMitre Database

Credit

Michael Baker from AC3

.