VDB

CISA-2024-2552

CISA-2024-2552 PUBLISHED CVSS 6.8 MEDIUM

Reported by palo_alto · Published November 14, 2024

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.

Risk Scores

CVSS 4.0
6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber

Affected Products

VendorProductVersions
Palo Alto NetworksCloud NGFWAll
Palo Alto NetworksPAN-OS11.2.0, 11.1.0, 11.0.0
Palo Alto NetworksPrisma AccessAll
Palo Alto NetworksCloud NGFWAll, All
Palo Alto NetworksPAN-OS11.1.0, 11.0.0, 11.2.0
Palo Alto NetworksPrisma AccessAll, All

Timeline

  • Nov 14, 2024 CVE Published
  • Nov 14, 2024 CVE Updated

References

  • vendor-advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›