CVE-2024-5913 - Vulnerability Details - OpenCVE

An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.

No CVSS v4.0

Attack Vector Physical

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Paloaltonetworks	Pan-os

Configuration 1 [-]

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-::::::

No data.

References

Link	Providers
https://security.paloaltonetworks.com/CVE-2024-5913

History

Fri, 24 Jan 2025 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Paloaltonetworks Paloaltonetworks pan-os
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:paloaltonetworks:pan-os:::::::: cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-::::::
Vendors & Products		Paloaltonetworks Paloaltonetworks pan-os

MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2024-07-10T18:40:29.769Z

Updated: 2024-08-06T04:19:19.068Z

Reserved: 2024-06-12T15:27:56.398Z

Link: CVE-2024-5913

Vulnrichment

Updated: 2024-08-01T21:25:02.975Z

NVD

Status : Analyzed

Published: 2024-07-10T19:15:11.837

Modified: 2025-01-24T16:00:42.420

Link: CVE-2024-5913

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5913", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2024-06-12T15:27:56.398Z", "datePublished": "2024-07-10T18:40:29.769Z", "dateUpdated": "2024-08-06T04:19:19.068Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "10.1.14-h2", "status": "unaffected"}], "lessThan": "10.1.14-h2", "status": "affected", "version": "10.1.0", "versionType": "custom"}, {"changes": [{"at": "10.2.10", "status": "unaffected"}], "lessThan": "10.2.10", "status": "affected", "version": "10.2.0", "versionType": "custom"}, {"changes": [{"at": "11.0.5", "status": "unaffected"}], "lessThan": "11.0.5", "status": "affected", "version": "11.0.0", "versionType": "custom"}, {"changes": [{"at": "11.1.4", "status": "unaffected"}], "lessThan": "11.1.4", "status": "affected", "version": "11.1.0", "versionType": "custom"}, {"changes": [{"at": "11.2.1", "status": "unaffected"}], "lessThan": "11.2.1", "status": "affected", "version": "11.2.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Cloud NGFW", "vendor": "Palo Alto Networks", "versions": [{"status": "affected", "version": "None"}, {"status": "unaffected", "version": "All"}]}, {"defaultStatus": "unaffected", "product": "Prisma Access", "vendor": "Palo Alto Networks", "versions": [{"status": "affected", "version": "None"}, {"status": "unaffected", "version": "All"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Independent Security Researcher Pear1y"}, {"lang": "en", "type": "finder", "value": "Joel Land of CISA Vulnerability Response and Coordination"}, {"lang": "en", "type": "finder", "value": "rqu"}, {"lang": "en", "type": "finder", "value": "Enrique Castillo of Palo Alto Networks"}], "datePublic": "2024-07-10T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges."}], "value": "An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"}], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-08-06T04:19:19.068Z"}, "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-5913"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This issue is fixed in PAN-OS 10.1.14-h2, PAN-OS 10.2.10, PAN-OS 11.0.5, PAN-OS 11.1.4, PAN-OS 11.2.1, and all later PAN-OS versions.<br>"}], "value": "This issue is fixed in PAN-OS 10.1.14-h2, PAN-OS 10.2.10, PAN-OS 11.0.5, PAN-OS 11.1.4, PAN-OS 11.2.1, and all later PAN-OS versions."}], "source": {"discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2024-07-10T16:00:00.000Z", "value": "Initial publication"}], "title": "PAN-OS: Improper Input Validation Vulnerability in PAN-OS", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2024-07-10T16:00:00.000Z", "ID": "CVE-2024-5913", "STATE": "PUBLIC", "TITLE": "PAN-OS: Improper Input Validation Vulnerability in PAN-OS"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PAN-OS", "version": {"version_data": [{"version_affected": "<", "version_name": "10.1", "version_value": "10.1.14-h2"}, {"version_affected": "!>=", "version_name": "10.1", "version_value": "10.1.14-h2"}, {"version_affected": "<", "version_name": "10.2", "version_value": "10.2.10"}, {"version_affected": "!>=", "version_name": "10.2", "version_value": "10.2.10"}, {"version_affected": "<", "version_name": "11.0", "version_value": "11.0.5"}, {"version_affected": "!>=", "version_name": "11.0", "version_value": "11.0.5"}, {"version_affected": "<", "version_name": "11.1", "version_value": "11.1.4"}, {"version_affected": "!>=", "version_name": "11.1", "version_value": "11.1.4"}, {"version_affected": "<", "version_name": "11.2", "version_value": "11.2.1"}, {"version_affected": "!>=", "version_name": "11.2", "version_value": "11.2.1"}]}}, {"product_name": "Cloud NGFW", "version": {"version_data": [{"version_affected": "=", "version_value": "None"}, {"version_affected": "!", "version_value": "All"}]}}, {"product_name": "Prisma Access", "version": {"version_data": [{"version_affected": "=", "version_value": "None"}, {"version_affected": "!", "version_value": "All"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Independent Security Researcher Pear1y, Joel Land of CISA Vulnerability Response and Coordination, and Enrique Castillo of Palo Alto Networks for discovering and reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges."}]}, "exploit": [{"lang": "eng", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "generator": {"engine": "vulnogram 0.1.0-rc1"}, "impact": {"cvss": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "PHYSICAL", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"refsource": "CONFIRM", "url": "https://security.paloaltonetworks.com/CVE-2023-case-PAN-253982"}]}, "solution": [{"lang": "eng", "value": "This issue is fixed in PAN-OS 10.1.14-h2, PAN-OS 10.2.10, PAN-OS 11.0.5, PAN-OS 11.1.4, PAN-OS 11.2.1, and all later PAN-OS versions."}], "source": {"discovery": "EXTERNAL"}, "timeline": [{"lang": "eng", "time": "2024-07-10T16:00:00.000Z", "value": "Initial publication"}]}}, "adp": [{"affected": [{"vendor": "paloaltonetworks", "product": "pan-os", "cpes": ["cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "10.2.0", "status": "affected", "lessThan": "10.2.10", "versionType": "custom"}]}, {"vendor": "paloaltonetworks", "product": "pan-os", "cpes": ["cpe:2.3:o:paloaltonetworks:pan-os:11.2:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "11.2", "status": "affected", "lessThan": "11.2.1", "versionType": "custom"}]}, {"vendor": "paloaltonetworks", "product": "pan-os", "cpes": ["cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "11.1.0", "status": "affected", "lessThan": "11.1.4", "versionType": "custom"}]}, {"vendor": "paloaltonetworks", "product": "pan-os", "cpes": ["cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "11.0.0", "status": "affected", "lessThan": "11.0.5", "versionType": "custom"}]}, {"vendor": "paloaltonetworks", "product": "pan-os", "cpes": ["cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "10.1.0", "status": "affected", "lessThan": "10.1.14-h2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-10T19:50:29.169156Z", "id": "CVE-2024-5913", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-10T20:05:27.355Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:02.975Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2024-5913"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-5913", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:02.975Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5913", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-10T19:50:29.169156Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*"], "vendor": "paloaltonetworks", "product": "pan-os", "versions": [{"status": "affected", "version": "10.2.0", "lessThan": "10.2.10", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:paloaltonetworks:pan-os:11.2:*:*:*:*:*:*:*"], "vendor": "paloaltonetworks", "product": "pan-os", "versions": [{"status": "affected", "version": "11.2", "lessThan": "11.2.1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:*"], "vendor": "paloaltonetworks", "product": "pan-os", "versions": [{"status": "affected", "version": "11.1.0", "lessThan": "11.1.4", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*"], "vendor": "paloaltonetworks", "product": "pan-os", "versions": [{"status": "affected", "version": "11.0.0", "lessThan": "11.0.5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"], "vendor": "paloaltonetworks", "product": "pan-os", "versions": [{"status": "affected", "version": "10.1.0", "lessThan": "10.1.14-h2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-10T20:04:51.236Z"}}], "cna": {"title": "PAN-OS: Improper Input Validation Vulnerability in PAN-OS", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Independent Security Researcher Pear1y"}, {"lang": "en", "type": "finder", "value": "Joel Land of CISA Vulnerability Response and Coordination"}, {"lang": "en", "type": "finder", "value": "rqu"}, {"lang": "en", "type": "finder", "value": "Enrique Castillo of Palo Alto Networks"}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "PAN-OS", "versions": [{"status": "affected", "changes": [{"at": "10.1.14-h2", "status": "unaffected"}], "version": "10.1.0", "lessThan": "10.1.14-h2", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "10.2.10", "status": "unaffected"}], "version": "10.2.0", "lessThan": "10.2.10", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "11.0.5", "status": "unaffected"}], "version": "11.0.0", "lessThan": "11.0.5", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "11.1.4", "status": "unaffected"}], "version": "11.1.0", "lessThan": "11.1.4", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "11.2.1", "status": "unaffected"}], "version": "11.2.0", "lessThan": "11.2.1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Cloud NGFW", "versions": [{"status": "affected", "version": "None"}, {"status": "unaffected", "version": "All"}], "defaultStatus": "unaffected"}, {"vendor": "Palo Alto Networks", "product": "Prisma Access", "versions": [{"status": "affected", "version": "None"}, {"status": "unaffected", "version": "All"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>", "base64": false}]}], "timeline": [{"lang": "en", "time": "2024-07-10T16:00:00.000Z", "value": "Initial publication"}], "solutions": [{"lang": "en", "value": "This issue is fixed in PAN-OS 10.1.14-h2, PAN-OS 10.2.10, PAN-OS 11.0.5, PAN-OS 11.1.4, PAN-OS 11.2.1, and all later PAN-OS versions.", "supportingMedia": [{"type": "text/html", "value": "This issue is fixed in PAN-OS 10.1.14-h2, PAN-OS 10.2.10, PAN-OS 11.0.5, PAN-OS 11.1.4, PAN-OS 11.2.1, and all later PAN-OS versions.<br>", "base64": false}]}], "datePublic": "2024-07-10T16:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-5913"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.", "supportingMedia": [{"type": "text/html", "value": "An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-08-06T04:19:19.068Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Independent Security Researcher Pear1y, Joel Land of CISA Vulnerability Response and Coordination, and Enrique Castillo of Palo Alto Networks for discovering and reporting this issue."}], "impact": {"cvss": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 5.4, "Automatable": "NO", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}}, "source": {"discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_name": "10.1", "version_value": "10.1.14-h2", "version_affected": "<"}, {"version_name": "10.1", "version_value": "10.1.14-h2", "version_affected": "!>="}, {"version_name": "10.2", "version_value": "10.2.10", "version_affected": "<"}, {"version_name": "10.2", "version_value": "10.2.10", "version_affected": "!>="}, {"version_name": "11.0", "version_value": "11.0.5", "version_affected": "<"}, {"version_name": "11.0", "version_value": "11.0.5", "version_affected": "!>="}, {"version_name": "11.1", "version_value": "11.1.4", "version_affected": "<"}, {"version_name": "11.1", "version_value": "11.1.4", "version_affected": "!>="}, {"version_name": "11.2", "version_value": "11.2.1", "version_affected": "<"}, {"version_name": "11.2", "version_value": "11.2.1", "version_affected": "!>="}]}, "product_name": "PAN-OS"}, {"version": {"version_data": [{"version_value": "None", "version_affected": "="}, {"version_value": "All", "version_affected": "!"}]}, "product_name": "Cloud NGFW"}, {"version": {"version_data": [{"version_value": "None", "version_affected": "="}, {"version_value": "All", "version_affected": "!"}]}, "product_name": "Prisma Access"}]}, "vendor_name": "Palo Alto Networks"}]}}, "exploit": [{"lang": "eng", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "solution": [{"lang": "eng", "value": "This issue is fixed in PAN-OS 10.1.14-h2, PAN-OS 10.2.10, PAN-OS 11.0.5, PAN-OS 11.1.4, PAN-OS 11.2.1, and all later PAN-OS versions."}], "timeline": [{"lang": "eng", "time": "2024-07-10T16:00:00.000Z", "value": "Initial publication"}], "data_type": "CVE", "generator": {"engine": "vulnogram 0.1.0-rc1"}, "references": {"reference_data": [{"url": "https://security.paloaltonetworks.com/CVE-2023-case-PAN-253982", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-5913", "STATE": "PUBLIC", "TITLE": "PAN-OS: Improper Input Validation Vulnerability in PAN-OS", "ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2024-07-10T16:00:00.000Z"}}}}, "cveMetadata": {"cveId": "CVE-2024-5913", "state": "PUBLISHED", "dateUpdated": "2024-08-06T04:19:19.068Z", "dateReserved": "2024-06-12T15:27:56.398Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2024-07-10T18:40:29.769Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "19D52DC1-4441-4C88-B209-9B86FCC2162F", "versionEndExcluding": "10.1.14", "versionStartIncluding": "10.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECC53672-829D-4995-A75A-CE8D3C38A3A3", "versionEndExcluding": "10.2.10", "versionStartIncluding": "10.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "06B9F11D-D5EF-487A-8E43-9AE14307CCE5", "versionEndExcluding": "11.0.5", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "459485B4-47FF-4A5F-9249-AE0445A0096A", "versionEndExcluding": "11.1.4", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "68053EEE-7CCC-4345-9700-F5FA6F606EDB", "versionEndExcluding": "11.2.1", "versionStartIncluding": "11.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.1.14:-:*:*:*:*:*:*", "matchCriteriaId": "B41A7115-A370-49E1-B162-24803E6DD2CB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges."}, {"lang": "es", "value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en el software PAN-OS de Palo Alto Networks permite a un atacante manipular el sistema de archivos f\u00edsico para elevar los privilegios."}], "id": "CVE-2024-5913", "lastModified": "2025-01-24T16:00:42.420", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.2, "impactScore": 5.9, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-10T19:15:11.837", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-5913"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-5913"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}