CVE-2024-5919 MEDIUM

CVE-2024-5919: PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability

Vendor Palo Alto Networks
Product PAN-OS
Weakness CWE-611 · XXE
Published November 14, 2024
Last update November 14, 2024

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:C/RE:M/U:Amber

What the vulnerability does

01 Description

A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker-controlled server. This attack requires network access to the firewall management interface.

Key dates

02 Disclosure timeline

November 14, 2024 CVE published
November 14, 2024 Record updated