CVE-2024-5914
Published 2024-08-14
Priority: P2 (70) · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.22% (65.0th percentile)
A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | cortex_xsoar_commonscripts | >= 1.12 < 1.12.33 | 1.12.33 |
| paloalto | cortex_xsoar_commonscripts | — | — |
| paloaltonetworks | cortex_xsoar_commonscripts | < 1.12.33 | 1.12.33 |
Detection & IOCs
- Investigate usage of the ScheduleGenericPolling script from the CommonScripts pack as a potential attack vector for command injection.
- Investigate usage of the GenericPollingScheduledTask script from the CommonScripts pack as a potential attack vector for command injection.
- Monitor for unauthenticated arbitrary command execution within Cortex XSOAR integration containers, which may indicate exploitation of this command injection vulnerability.
- Vulnerability exists in Cortex XSOAR CommonScripts Pack versions prior to 1.12.33; verify pack version to assess exposure.
- The attack surface is limited to environments where ScheduleGenericPolling or GenericPollingScheduledTask scripts are actively used in integrations.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 7.0 | HIGH | CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber |
GHSA
GHSA-j78j-h8vv-5m5x
ghsa_unreviewed · 2024-08-14
CVE-2024-5914 [HIGH] CWE-77
A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.
Palo Alto
Cortex XSOAR: Command Injection in CommonScripts Pack
vendor_paloalto · 2024-08-14 · CVSS 7.0
CVE-2024-5914 [HIGH] CWE-77
A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.
Affected products: Cortex XSOAR CommonScripts
Solution: This issue is fixed in Cortex XSOAR CommonScripts 1.12.33 and all later versions.
Workaround: Remove any integration usage of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack.
Suricata
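GPL RPC portmap ypserv request TCP
suricata · 2010-09-23
CVE-2000-1042
Note: this rule inspects RPC portmap traffic to TCP port 111 and cites CVE-2000-1042, CVE-2000-1043 and CVE-2002-1232. Its only "5914" is the `bugtraq,5914` reference; it does not reference CVE-2024-5914 or Cortex XSOAR.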
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"GPL RPC portmap ypserv request TCP"; flow:established,to_server; content:"|00 01 86 A0|"; depth:4; offset:16; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; content:"|00 01 86 A4|"; within:4; content:"|00 00 00 00|"; depth:4; offset:8; reference:arachnids,12; reference:bugtraq,5914; reference:bugtraq,6016; reference:cve,2000-1042; reference:cve,2000-1043; reference:cve,2002-1232; classtype:rpc-portmap-decode; sid:2101276; rev:16; metadata:created_at 2010_09_23, cve CVE_2000_1042, signature_severity Informational, updated_at 2024_03_08;)
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-08-14