CVE-2024-5920 — Vulnetix

CVE-2024-5920 PUBLISHED

Eine Cross-Site Scripting Schwachstelle wurde in PaloAlto Networks PAN-OS entdeckt. Dieses Problem wird durch unsachgemäße Filterung der vom Benutzer bereitgestellten Daten vor der Anzeige der Eingaben verursacht. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Skriptcode im Sicherheitskontext einer betroffenen Site auszuführen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.

EPSS 0.54% · 68.1th percentile

Risk Scores

EPSS Score

0.54%

68.1th percentile

Affected Products

Vendor	Product	Versions
PaloAlto Networks	PaloAlto Networks PAN-OS <10.1.7
PaloAlto Networks	PaloAlto Networks PAN-OS <11.0.6
PaloAlto Networks	PaloAlto Networks PAN-OS <11.0.2
PaloAlto Networks	PaloAlto Networks PAN-OS <10.2.9-14
PaloAlto Networks	PaloAlto Networks PAN-OS <11.0.3
PaloAlto Networks	PaloAlto Networks PAN-OS <10.2.4-h5
PaloAlto Networks	PaloAlto Networks PAN-OS <10.2.2
PaloAlto Networks	PaloAlto Networks PAN-OS <10.1.10
PaloAlto Networks	PaloAlto Networks PAN-OS <10.2.5
PaloAlto Networks	PaloAlto Networks PAN-OS <10.2.10-h7
PaloAlto Networks	PaloAlto Networks PAN-OS <11.1.4
PaloAlto Networks	PaloAlto Networks PAN-OS <11.1.2-h14
PaloAlto Networks	PaloAlto Networks PAN-OS <10.1.14
PaloAlto Networks	PaloAlto Networks PAN-OS <11.0.5
PaloAlto Networks	PaloAlto Networks PAN-OS <10.2.8-h13
PaloAlto Networks	PaloAlto Networks PAN-OS <11.1.3-h10
PaloAlto Networks	PaloAlto Networks PAN-OS <10.2.11
PaloAlto Networks	PaloAlto Networks PAN-OS <10.1.11
PaloAlto Networks	PaloAlto Networks PAN-OS <10.2.4-h6
PaloAlto Networks	PaloAlto Networks PAN-OS <10.2.7-h16

Exploit Intelligence

CIRCL seen: CVE-2024-5920 (circl-sighting)
CIRCL seen: CVE-2024-5920 (circl-sighting)
CIRCL seen: CVE-2024-5920 (circl-sighting)
CIRCL seen: CVE-2024-5920 (circl-sighting)
CIRCL seen: CVE-2024-5920 (circl-sighting)
CIRCL seen: CVE-2024-5920 (circl-sighting)
CIRCL seen: CVE-2024-5920 (circl-sighting)
https://security.paloaltonetworks.com/CVE-2024-5920 (circl)

Timeline

Nov 13, 2024 PoC Published
Nov 13, 2024 PoC Published
Nov 13, 2024 CVE Published
Nov 14, 2024 Coalition ESS Score
Nov 14, 2024 PoC Published
Nov 14, 2024 PoC Published
Nov 15, 2024 EPSS Score
Nov 15, 2024 Coalition ESS Score
Nov 18, 2024 PoC Published
Dec 4, 2024 EPSS Score
Dec 21, 2024 EPSS Score
Jan 8, 2025 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3465.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3465 advisory
https://security.paloaltonetworks.com/CVE-2024-2550 advisory
https://security.paloaltonetworks.com/CVE-2024-2551 advisory
https://security.paloaltonetworks.com/CVE-2024-2552 advisory
https://security.paloaltonetworks.com/CVE-2024-5917 advisory
https://security.paloaltonetworks.com/CVE-2024-5918 advisory
https://security.paloaltonetworks.com/CVE-2024-5919 advisory
https://security.paloaltonetworks.com/CVE-2024-5920 advisory
https://security.paloaltonetworks.com/CVE-2024-9472 advisory

Open in Interactive Console →