CVE-2024-5919 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-5919 PUBLISHED

Es besteht eine Schwachstelle in PaloAlto Networks PAN-OS. Dieser Fehler ist auf eine unsachgemäße Behandlung von XML-Eingaben zurückzuführen, bei der externe Entitäten nicht ordnungsgemäß validiert und neutralisiert werden, was zu einer blinden XML External Entity (XXE) Injection-Schwachstelle führt. Ein entfernter, authentisierter Angreifer mit hohen Rechten kann diese Schwachstelle ausnutzen, um sensible Dateien aus dem System zu exfiltrieren.

EPSS 0.15% · 35.3th percentile

Risk Scores

EPSS Score

0.15%

35.3th percentile

Affected Products

Vendor	Product	Versions
PaloAlto Networks	PaloAlto Networks PAN-OS <11.0.6
PaloAlto Networks	PaloAlto Networks PAN-OS <10.2.5
PaloAlto Networks	PaloAlto Networks PAN-OS <11.0.2
PaloAlto Networks	PaloAlto Networks PAN-OS <10.2.4-h6
PaloAlto Networks	PaloAlto Networks PAN-OS <10.1.10
PaloAlto Networks	PaloAlto Networks PAN-OS <10.2.2
PaloAlto Networks	PaloAlto Networks PAN-OS <10.2.4-h5

Timeline

Nov 13, 2024 CVE Published
Nov 14, 2024 Coalition ESS Score
Nov 15, 2024 EPSS Score
Nov 15, 2024 Coalition ESS Score
Dec 3, 2024 EPSS Score
Dec 20, 2024 EPSS Score
Jan 6, 2025 EPSS Score
Jan 23, 2025 EPSS Score
Jan 24, 2025 Coalition ESS Score
Feb 9, 2025 EPSS Score
Feb 26, 2025 EPSS Score
Mar 15, 2025 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3465.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3465 advisory
https://security.paloaltonetworks.com/CVE-2024-2550 advisory
https://security.paloaltonetworks.com/CVE-2024-2551 advisory
https://security.paloaltonetworks.com/CVE-2024-2552 advisory
https://security.paloaltonetworks.com/CVE-2024-5917 advisory
https://security.paloaltonetworks.com/CVE-2024-5918 advisory
https://security.paloaltonetworks.com/CVE-2024-5919 advisory
https://security.paloaltonetworks.com/CVE-2024-5920 advisory
https://security.paloaltonetworks.com/CVE-2024-9472 advisory

Open in Interactive Console →