Blind XML External Entities Injection Vulnerability Allows File Exfiltration
CVE-2024-5919
Currently unrated 🤨
Key Information
- Vendor
- Palo Alto Networks
- Status
- Cloud Ngfw
- Pan-os
- Prisma Access
- Vendor
- CVE Published:
- 14 November 2024
Badges
👾 Exploit Exists
Summary
A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.
Affected Version(s)
Cloud NGFW >= All
PAN-OS >= 11.2.0
PAN-OS >= 11.1.0
Refferences
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
Dan Marin of Deloitte
Cristian Mocanu of Deloitte
Alex Hordijk