A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.
History

Tue, 20 Aug 2024 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Paloaltonetworks
Paloaltonetworks cortex Xsoar Commonscripts
CPEs cpe:2.3:a:paloaltonetworks:cortex_xsoar_commonscripts:*:*:*:*:*:*:*:*
Vendors & Products Paloaltonetworks
Paloaltonetworks cortex Xsoar Commonscripts
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 14 Aug 2024 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 14 Aug 2024 16:45:00 +0000

Type Values Removed Values Added
Description A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.
Title Cortex XSOAR: Command Injection in CommonScripts Pack
Weaknesses CWE-77
References
Metrics cvssV4_0

{'score': 7, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:N/AU:N/R:U/V:D/RE:M/U:Amber'}


cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2024-08-14T16:40:00.276Z

Updated: 2024-08-14T18:17:47.424Z

Reserved: 2024-06-12T15:27:56.494Z

Link: CVE-2024-5914

cve-icon Vulnrichment

Updated: 2024-08-14T18:17:42.111Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-14T17:15:18.220

Modified: 2024-08-20T16:22:06.357

Link: CVE-2024-5914

cve-icon Redhat

No data.