Privilege escalation in Palo Alto Networks PAN-OS
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-5913 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Palo Alto PAN-OS Operating systems & Components / Operating system |
| Vendor | Palo Alto Networks, Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Input validation error
EUVDB-ID: #VU94370
Risk: Low
CVSSv3.1: 5.4 [CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-5913
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise the target system.
The vulnerability exists due to insufficient validation of user-supplied input. An administrator with physical access can tamper with the physical file system to elevate privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPalo Alto PAN-OS: 10.1.0 - 11.2
External linkshttp://security.paloaltonetworks.com/CVE-2024-5913
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
