CVE-2024-5919
PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability
A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:C/RE:M/U:Amber
Productos afectados
Palo Alto Networks · Cloud NGFWPalo Alto Networks · PAN-OSPalo Alto Networks · Prisma Access¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →