Input validation error in Palo Alto PAN-OS

#VU94370 Input validation error in Palo Alto PAN-OS

Published: 2024-07-16

Vulnerability identifier: #VU94370

Vulnerability risk: Low

CVSSv3.1: 5.4 [CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-5913

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Palo Alto PAN-OS
Operating systems & Components / Operating system

Vendor: Palo Alto Networks, Inc.

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input. An administrator with physical access can tamper with the physical file system to elevate privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Palo Alto PAN-OS: 10.1.0 - 10.1.12, 10.2 - 10.2.9, 11.0 - 11.0.4, 11.1 - 11.1.3, 11.2

External links
http://security.paloaltonetworks.com/CVE-2024-5913

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Privilege escalation in Palo Alto Networks PAN-OS