CVE-2024-5917 — Server-Side Request Forgery in Palo Alto Networks Pan-os

CWE-918 — Server-Side Request Forgery4 documents4 sources

Severity

2.1LOWNVD

EPSS

0.2%

top 54.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Palo Alto Networks Pan-os Paloaltonetworks Pan-os Paloalto Cloud Ngfw +1 more

Timeline

PublishedNov 14

Description

A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N

Affected Packages4 packages

▶NVDpaloaltonetworks/pan-os10.1.0 — 10.1.7+1

▶CVEListV5palo_alto_networks/pan-os10.2.0 — 10.2.2+1

▶Palo Altopaloalto/pan-os

▶Palo Altopaloalto/cloud_ngfw

🔴Vulnerability Details

CVEList

PAN-OS: Server-Side Request Forgery in WildFire↗2024-11-14

▶

GHSA

GHSA-2j54-3gcc-fxxg: A server-side request forgery in PAN-OS software enables an unauthenticated attacker to use the administrative web interface as a proxy, which enables↗2024-11-14

▶

📋Vendor Advisories

Palo Alto

PAN-OS: Server-Side Request Forgery in WildFire↗

▶