CVE-2024-5919

Description

A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

High

User Interaction

None

Confidentiality (Vulnerable System)

Low

Integrity (Vulnerable System)

Low

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Adjacent

Changed

Amber

Affected products

Palo Alto Networks / Cloud NGFWAll – All
Palo Alto Networks / Prisma AccessAll – All
paloaltonetworks / pan-os11.0.1 – 11.0.1
paloaltonetworks / pan-os11.0.1 – 11.0.1
paloaltonetworks / pan-os11.0.1 – 11.0.1
paloaltonetworks / pan-os11.0.1 – 11.0.1
paloaltonetworks / pan-os11.0.0 – 11.0.0
paloaltonetworks / pan-os11.0.0 – 11.0.0
paloaltonetworks / pan-os11.0.0 – 11.0.0
paloaltonetworks / pan-os11.0.0 – 11.0.0
paloaltonetworks / pan-os11.0 – 11.0
paloaltonetworks / pan-os10.2.4 – 10.2.4
paloaltonetworks / pan-os10.2.4 – 10.2.4
paloaltonetworks / pan-os10.2.4 – 10.2.4
paloaltonetworks / pan-os10.2.4 – 10.2.4
paloaltonetworks / pan-os10.2.4 – 10.2.4
paloaltonetworks / pan-os10.2.4 – 10.2.4
paloaltonetworks / pan-os10.2.4 – 10.2.4
paloaltonetworks / pan-os10.2.4 – 10.2.4
paloaltonetworks / pan-os10.2.4 – 10.2.4
paloaltonetworks / pan-os10.2.4 – 10.2.4
paloaltonetworks / pan-os10.2.4 – 10.2.4
paloaltonetworks / pan-os10.2.4 – 10.2.4
paloaltonetworks / pan-os10.2.4 – 10.2.4
paloaltonetworks / pan-os10.2.4 – 10.2.4
paloaltonetworks / pan-os10.2.4 – 10.2.4
paloaltonetworks / pan-os10.2.4 – 10.2.4
paloaltonetworks / pan-os10.2.4 – 10.2.4
paloaltonetworks / pan-os10.2.3 – 10.2.3
paloaltonetworks / pan-os10.2.3 – 10.2.3
paloaltonetworks / pan-os10.2.3 – 10.2.3
paloaltonetworks / pan-os10.2.3 – 10.2.3
paloaltonetworks / pan-os10.2.3 – 10.2.3
paloaltonetworks / pan-os10.2.3 – 10.2.3
paloaltonetworks / pan-os10.2.3 – 10.2.3
paloaltonetworks / pan-os10.2.3 – 10.2.3
paloaltonetworks / pan-os10.2.3 – 10.2.3
paloaltonetworks / pan-os10.2.3 – 10.2.3
paloaltonetworks / pan-os10.2.3 – 10.2.3
paloaltonetworks / pan-os10.2.3 – 10.2.3
paloaltonetworks / pan-os10.2.3 – 10.2.3
paloaltonetworks / pan-os10.2.3 – 10.2.3
paloaltonetworks / pan-os10.2.2 – 10.2.2
paloaltonetworks / pan-os10.2.2 – 10.2.2
paloaltonetworks / pan-os10.2.2 – 10.2.2
paloaltonetworks / pan-os10.2.2 – 10.2.2
paloaltonetworks / pan-os10.2.2 – 10.2.2
paloaltonetworks / pan-os10.2.2 – 10.2.2
paloaltonetworks / pan-os10.2.1 – 10.2.1
paloaltonetworks / pan-os10.2.1 – 10.2.1
paloaltonetworks / pan-os10.2.1 – 10.2.1
paloaltonetworks / pan-os10.2.0 – 10.2.0
paloaltonetworks / pan-os10.2.0 – 10.2.0
paloaltonetworks / pan-os10.2.0 – 10.2.0
paloaltonetworks / pan-os10.2.0 – 10.2.0
paloaltonetworks / pan-os10.2 – 10.2
paloaltonetworks / pan-os10.1.9 – 10.1.9
paloaltonetworks / pan-os10.1.9 – 10.1.9
paloaltonetworks / pan-os10.1.9 – 10.1.9
paloaltonetworks / pan-os10.1.9 – 10.1.9
paloaltonetworks / pan-os10.1.9 – 10.1.9
paloaltonetworks / pan-os10.1.9 – 10.1.9
paloaltonetworks / pan-os10.1.9 – 10.1.9
paloaltonetworks / pan-os10.1.9 – 10.1.9
paloaltonetworks / pan-os10.1.9 – 10.1.9
paloaltonetworks / pan-os10.1.8 – 10.1.8
paloaltonetworks / pan-os10.1.8 – 10.1.8
paloaltonetworks / pan-os10.1.8 – 10.1.8
paloaltonetworks / pan-os10.1.8 – 10.1.8
paloaltonetworks / pan-os10.1.8 – 10.1.8
paloaltonetworks / pan-os10.1.8 – 10.1.8
paloaltonetworks / pan-os10.1.8 – 10.1.8
paloaltonetworks / pan-os10.1.8 – 10.1.8
paloaltonetworks / pan-os10.1.7 – 10.1.7
paloaltonetworks / pan-os10.1.7 – 10.1.7
paloaltonetworks / pan-os10.1.6 – 10.1.6
paloaltonetworks / pan-os10.1.6 – 10.1.6
paloaltonetworks / pan-os10.1.6 – 10.1.6
paloaltonetworks / pan-os10.1.6 – 10.1.6
paloaltonetworks / pan-os10.1.6 – 10.1.6
paloaltonetworks / pan-os10.1.6 – 10.1.6
paloaltonetworks / pan-os10.1.6 – 10.1.6
paloaltonetworks / pan-os10.1.6 – 10.1.6
paloaltonetworks / pan-os10.1.6 – 10.1.6
paloaltonetworks / pan-os10.1.5 – 10.1.5
paloaltonetworks / pan-os10.1.5 – 10.1.5
paloaltonetworks / pan-os10.1.5 – 10.1.5
paloaltonetworks / pan-os10.1.5 – 10.1.5
paloaltonetworks / pan-os10.1.5 – 10.1.5
paloaltonetworks / pan-os10.1.4 – 10.1.4
paloaltonetworks / pan-os10.1.4 – 10.1.4
paloaltonetworks / pan-os10.1.4 – 10.1.4
paloaltonetworks / pan-os10.1.4 – 10.1.4
paloaltonetworks / pan-os10.1.4 – 10.1.4
paloaltonetworks / pan-os10.1.4 – 10.1.4
paloaltonetworks / pan-os10.1.3 – 10.1.3
paloaltonetworks / pan-os10.1.3 – 10.1.3
paloaltonetworks / pan-os10.1.3 – 10.1.3
paloaltonetworks / pan-os10.1.3 – 10.1.3
paloaltonetworks / pan-os10.1.2 – 10.1.2
paloaltonetworks / pan-os10.1.1 – 10.1.1
paloaltonetworks / pan-os10.1.0 – 10.1.0
paloaltonetworks / pan-os10.1 – 10.1
paloaltonetworks / pan-os10.1.4 – 10.1.4
paloaltonetworks / pan-os11.0.1 – 11.0.1

References

MISChttps://security.paloaltonetworks.com/CVE-2024-5919