Unauthenticated Server-Side Request Forgery Attack on PAN-OS Software Allows Proxy Access to Internal Network Resources

CVE-2024-5917

Currently unrated 🤨

Key Information

Status
Cloud Ngfw
Pan-os
Vendor
CVE Published:
14 November 2024

Badges

👾 Exploit Exists

Summary

A server-side request forgery in PAN-OS software enables an unauthenticated attacker to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible.

Affected Version(s)

Cloud NGFW >= All

PAN-OS >= 11.2.0

PAN-OS >= 11.1.0

Refferences

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Michael Baker from AC3
.