CVE-2024-2552 MEDIUM

CVE-2024-2552: PAN-OS: Arbitrary File Delete Vulnerability in the Command Line Interface (CLI)

Vendor Palo Alto Networks
Product PAN-OS
Weakness CWE-22 · Path traversal
Published November 14, 2024
Last update November 14, 2024

CVSS base score

6.8/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:C/RE:M/U:Amber

What the vulnerability does

01 Description

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.

Key dates

02 Disclosure timeline

November 14, 2024 CVE published
November 14, 2024 Record updated