CVE-2024-2552
Published: 2024-11-14
Priority: P4 (29) · Severity: medium · CVSS 3.1 base score: 6.0
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.47% (37.4th percentile)
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.
Affected
17 ranges in the source feeds. Rows showing "—" are CPE product entries that carry no version range; the six identical `paloaltonetworks / pan-os` rows without a range are collapsed into one below. The two sets of version ranges come from different feeds and disagree on the 10.2 and 11.1 fix versions (10.2.7 and 11.1.4 versus 10.2.12 and 11.1.5). The vendor advisory further down on this page names 10.2.12, 11.0.6, 11.1.5 and 11.2.4 as the fixed releases, with hotfixes for several earlier maintenance releases, so treat the vendor figures as the ones to check against.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | >= 10.2.0 < 10.2.12 | 10.2.12 |
| palo_alto_networks | pan-os | >= 11.0.0 < 11.0.6 | 11.0.6 |
| palo_alto_networks | pan-os | >= 11.1.0 < 11.1.5 | 11.1.5 |
| palo_alto_networks | pan-os | >= 11.2.0 < 11.2.4 | 11.2.4 |
| paloalto | cloud_ngfw | — | — |
| paloalto | pan-os | — | — |
| paloalto | prisma_access | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | >= 10.2.0 < 10.2.7 | 10.2.7 |
| paloaltonetworks | pan-os | >= 11.0.0 < 11.0.6 | 11.0.6 |
| paloaltonetworks | pan-os | >= 11.1.0 < 11.1.4 | 11.1.4 |
| paloaltonetworks | pan-os | >= 11.2.0 < 11.2.4 | 11.2.4 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
| nvd | 4.0 | 6.8 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber |
| vendor_redhat | — | 5.5 | MEDIUM | — |
CISA ICS
ICSA-24-338-02: Siemens RUGGEDCOM APE1808 [CRITICAL]
cisa_ics · ICS Advisory · Release date: December 03, 2024 · CVSS 9.3
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: RUGGEDCOM APE1808
- Vulnerabilities: Missing Authentication for Critical Function, NULL Pointer Dereference, Improper Limitation of a Path
Palo Alto
PAN-OS: Arbitrary File Delete Vulnerability in the Command Line Interface (CLI)
vendor_paloalto · CVE-2024-2552 [MEDIUM] · CWE-22 · CVSS 6.8
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.
Affected products: Cloud NGFW, PAN-OS, Prisma Access
Solution: This issue is fixed in PAN-OS 10.2.12, PAN-OS 11.0.6, PAN-OS 11.1.5, PAN-OS 11.2.4, and all later PAN-OS versions.
In addition, to provide the most seamless upgrade path for customers, the following hotfixes also contain the fix:
* Additional 11.1 fix:
  * 11.1.4-h9
* Additional 10.2 fixes:
  * 10.2.11-h9
  * 10.2.10-h10
  * 10.2.9-h18
  * 10.2.8-h18
  * 10.2.7-h21
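Deciding whether a running firewall is covered by this advisory takes more than a string comparison, because a maintenance release below the first fixed release can still be patched via a `-hN` hotfix. The checker below is an added example written for this page, not code from Palo Alto Networks; it transcribes the fixed releases and hotfix list from the Solution text above into tables, parses `MAJOR.MINOR.MAINT[-hN]` version strings, and classifies a version as fixed, fixed by hotfix, vulnerable, or outside any range the advisory lists (the last is deliberately not reported as safe). It assumes the `show system info` CLI command reports the running version on a `sw-version:` line; the sample output is constructed, and the hostname, address and app-version values in it are made up.

```python
import re
from typing import NamedTuple, Optional

# First fixed release per PAN-OS train, transcribed from the vendor
# Solution text (10.2.12, 11.0.6, 11.1.5, 11.2.4).
FIXED_RELEASE = {(10, 2): 12, (11, 0): 6, (11, 1): 5, (11, 2): 4}

# Earlier maintenance releases that received the fix as a hotfix:
# (major, minor, maint) -> minimum -hN number that contains the fix.
FIXED_HOTFIX = {
    (11, 1, 4): 9,
    (10, 2, 11): 9,
    (10, 2, 10): 10,
    (10, 2, 9): 18,
    (10, 2, 8): 18,
    (10, 2, 7): 21,
}

# PAN-OS version strings look like 10.2.9 or 10.2.9-h18.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


class PanosVersion(NamedTuple):
    major: int
    minor: int
    maint: int
    hotfix: int  # 0 when the version carries no -hN suffix


def parse_panos_version(text: str) -> PanosVersion:
    """Parse 'MAJOR.MINOR.MAINT[-hN]'; any other shape is rejected."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return PanosVersion(int(major), int(minor), int(maint), int(hotfix or 0))


def assess(version: str) -> str:
    """Classify a PAN-OS version against the fix data above.

    Returns 'fixed', 'fixed (hotfix)', 'vulnerable', or
    'not in a listed affected range' for trains the advisory does not list.
    A version outside the listed trains is not claimed to be safe; it simply
    has no range on this page to compare against.
    """
    v = parse_panos_version(version)
    train = (v.major, v.minor)
    if train not in FIXED_RELEASE:
        return "not in a listed affected range"
    if v.maint >= FIXED_RELEASE[train]:
        return "fixed"
    min_hotfix = FIXED_HOTFIX.get((v.major, v.minor, v.maint))
    if min_hotfix is not None and v.hotfix >= min_hotfix:
        return "fixed (hotfix)"
    return "vulnerable"


def sw_version_from_show_system_info(output: str) -> Optional[str]:
    """Pull the 'sw-version:' value out of 'show system info' CLI output."""
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "sw-version":
            return value.strip()
    return None


# Constructed sample of 'show system info' output (not a real device dump);
# only the sw-version line is used.
SAMPLE_SHOW_SYSTEM_INFO = """\
hostname: fw-edge-01
ip-address: 192.0.2.10
model: PA-VM
sw-version: 10.2.9-h1
app-version: 8900-8800
"""

if __name__ == "__main__":
    running = sw_version_from_show_system_info(SAMPLE_SHOW_SYSTEM_INFO)
    print(f"{running}: {assess(running)}")
    for candidate in ("10.2.9-h18", "10.2.12", "11.1.4", "11.1.4-h9", "11.0.5-h3", "10.1.14"):
        print(f"{candidate}: {assess(candidate)}")
```

The hotfix table is what makes the check worth automating: 10.2.9-h18 is fixed while 10.2.9-h17 and plain 10.2.9 are not, and 11.1.4 is only fixed from 11.1.4-h9 onward. Trains with no hotfix entry (11.0 and 11.2) are fixed only by moving to the listed release.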
Workaround: We strongly recommend customers to ensure access to
GHSA
GHSA-77jf-qvrc-2mmc
ghsa_unreviewed · 2024-11-14 · CVE-2024-2552 [MEDIUM] · CWE-22
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-11-14