{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-5913","assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","state":"PUBLISHED","assignerShortName":"palo_alto","dateReserved":"2024-06-12T15:27:56.398Z","datePublished":"2024-07-10T18:40:29.769Z","dateUpdated":"2024-08-06T04:19:19.068Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"PAN-OS","vendor":"Palo Alto Networks","versions":[{"changes":[{"at":"10.1.14-h2","status":"unaffected"}],"lessThan":"10.1.14-h2","status":"affected","version":"10.1.0","versionType":"custom"},{"changes":[{"at":"10.2.10","status":"unaffected"}],"lessThan":"10.2.10","status":"affected","version":"10.2.0","versionType":"custom"},{"changes":[{"at":"11.0.5","status":"unaffected"}],"lessThan":"11.0.5","status":"affected","version":"11.0.0","versionType":"custom"},{"changes":[{"at":"11.1.4","status":"unaffected"}],"lessThan":"11.1.4","status":"affected","version":"11.1.0","versionType":"custom"},{"changes":[{"at":"11.2.1","status":"unaffected"}],"lessThan":"11.2.1","status":"affected","version":"11.2.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"Cloud NGFW","vendor":"Palo Alto Networks","versions":[{"status":"affected","version":"None"},{"status":"unaffected","version":"All"}]},{"defaultStatus":"unaffected","product":"Prisma Access","vendor":"Palo Alto Networks","versions":[{"status":"affected","version":"None"},{"status":"unaffected","version":"All"}]}],"credits":[{"lang":"en","type":"finder","value":"Independent Security Researcher Pear1y"},{"lang":"en","type":"finder","value":"Joel Land of CISA Vulnerability Response and Coordination"},{"lang":"en","type":"finder","value":"rqu"},{"lang":"en","type":"finder","value":"Enrique Castillo of Palo Alto Networks"}],"datePublic":"2024-07-10T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges."}],"value":"An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue.<br>"}],"value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"impacts":[{"capecId":"CAPEC-153","descriptions":[{"lang":"en","value":"CAPEC-153 Input Data Manipulation"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"PHYSICAL","availabilityImpact":"HIGH","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20 Improper Input Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto","dateUpdated":"2024-08-06T04:19:19.068Z"},"references":[{"url":"https://security.paloaltonetworks.com/CVE-2024-5913"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"This issue is fixed in PAN-OS 10.1.14-h2, PAN-OS 10.2.10, PAN-OS 11.0.5, PAN-OS 11.1.4, PAN-OS 11.2.1, and all later PAN-OS versions.<br>"}],"value":"This issue is fixed in PAN-OS 10.1.14-h2, PAN-OS 10.2.10, PAN-OS 11.0.5, PAN-OS 11.1.4, PAN-OS 11.2.1, and all later PAN-OS versions."}],"source":{"discovery":"EXTERNAL"},"timeline":[{"lang":"en","time":"2024-07-10T16:00:00.000Z","value":"Initial publication"}],"title":"PAN-OS: Improper Input Validation Vulnerability in PAN-OS","x_generator":{"engine":"Vulnogram 0.1.0-dev"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@paloaltonetworks.com","DATE_PUBLIC":"2024-07-10T16:00:00.000Z","ID":"CVE-2024-5913","STATE":"PUBLIC","TITLE":"PAN-OS: Improper Input Validation Vulnerability in PAN-OS"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"PAN-OS","version":{"version_data":[{"version_affected":"<","version_name":"10.1","version_value":"10.1.14-h2"},{"version_affected":"!>=","version_name":"10.1","version_value":"10.1.14-h2"},{"version_affected":"<","version_name":"10.2","version_value":"10.2.10"},{"version_affected":"!>=","version_name":"10.2","version_value":"10.2.10"},{"version_affected":"<","version_name":"11.0","version_value":"11.0.5"},{"version_affected":"!>=","version_name":"11.0","version_value":"11.0.5"},{"version_affected":"<","version_name":"11.1","version_value":"11.1.4"},{"version_affected":"!>=","version_name":"11.1","version_value":"11.1.4"},{"version_affected":"<","version_name":"11.2","version_value":"11.2.1"},{"version_affected":"!>=","version_name":"11.2","version_value":"11.2.1"}]}},{"product_name":"Cloud NGFW","version":{"version_data":[{"version_affected":"=","version_value":"None"},{"version_affected":"!","version_value":"All"}]}},{"product_name":"Prisma Access","version":{"version_data":[{"version_affected":"=","version_value":"None"},{"version_affected":"!","version_value":"All"}]}}]},"vendor_name":"Palo Alto Networks"}]}},"credit":[{"lang":"eng","value":"Palo Alto Networks thanks Independent Security Researcher Pear1y, Joel Land of CISA Vulnerability Response and Coordination, and Enrique Castillo of Palo Alto Networks for discovering and reporting this issue."}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges."}]},"exploit":[{"lang":"eng","value":"Palo Alto Networks is not aware of any malicious exploitation of this issue."}],"generator":{"engine":"vulnogram 0.1.0-rc1"},"impact":{"cvss":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"PHYSICAL","baseScore":5.4,"baseSeverity":"MEDIUM","privilegesRequired":"HIGH","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20 Improper Input Validation"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","url":"https://security.paloaltonetworks.com/CVE-2023-case-PAN-253982"}]},"solution":[{"lang":"eng","value":"This issue is fixed in PAN-OS 10.1.14-h2, PAN-OS 10.2.10, PAN-OS 11.0.5, PAN-OS 11.1.4, PAN-OS 11.2.1, and all later PAN-OS versions."}],"source":{"discovery":"EXTERNAL"},"timeline":[{"lang":"eng","time":"2024-07-10T16:00:00.000Z","value":"Initial publication"}]}},"adp":[{"affected":[{"vendor":"paloaltonetworks","product":"pan-os","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"10.2.0","status":"affected","lessThan":"10.2.10","versionType":"custom"}]},{"vendor":"paloaltonetworks","product":"pan-os","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.2:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"11.2","status":"affected","lessThan":"11.2.1","versionType":"custom"}]},{"vendor":"paloaltonetworks","product":"pan-os","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.1.0:-:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"11.1.0","status":"affected","lessThan":"11.1.4","versionType":"custom"}]},{"vendor":"paloaltonetworks","product":"pan-os","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"11.0.0","status":"affected","lessThan":"11.0.5","versionType":"custom"}]},{"vendor":"paloaltonetworks","product":"pan-os","cpes":["cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"10.1.0","status":"affected","lessThan":"10.1.14-h2","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-10T19:50:29.169156Z","id":"CVE-2024-5913","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-10T20:05:27.355Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:25:02.975Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://security.paloaltonetworks.com/CVE-2024-5913"}]}]}}