CVE-2024-5911 — Unrestricted File Upload in Palo Alto Networks Pan-os

CWE-434 — Unrestricted File Upload CWE-372 — Incomplete Internal State Distinction5 documents5 sources

Severity

7.0HIGHNVD

EPSS

0.4%

top 38.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Pan-os Paloaltonetworks Pan-os Paloalto Cloud Ngfw +2 more

Timeline

PublishedJul 10

Latest updateJul 30

Description

An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which requires manual intervention to bring the Panorama back online.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Packages5 packages

▶NVDpaloaltonetworks/pan-os10.1.0 — 10.1.9+1

▶CVEListV5palo_alto_networks/pan-os10.2.0 — 10.2.4+1

▶Palo Altopaloalto/prisma_access

▶Palo Altopaloalto/pan-os

▶Palo Altopaloalto/cloud_ngfw

🔴Vulnerability Details

CVEList

PAN-OS: File Upload Vulnerability in the Panorama Web Interface↗2024-07-10

▶

GHSA

GHSA-m9gc-7c67-49qc: An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the we↗2024-07-10

▶

📋Vendor Advisories

Red Hat

kernel: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()↗2024-07-30

▶

Palo Alto

PAN-OS: File Upload Vulnerability in the Panorama Web Interface↗2024-07-10

▶