A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.
History

Thu, 14 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 14 Nov 2024 09:45:00 +0000

Type Values Removed Values Added
Description A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.
Title PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability
First Time appeared Paloaltonetworks
Paloaltonetworks pan-os
Weaknesses CWE-611
CPEs cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h4:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h5:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h6:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h4:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h4:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h5:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h6:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h7:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h8:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h4:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h5:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h6:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h7:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h4:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h5:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h6:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h7:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h8:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.1:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*
cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:*:*:*:*:*:*
Vendors & Products Paloaltonetworks
Paloaltonetworks pan-os
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:C/RE:M/U:Amber'}


cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2024-11-14T09:36:46.390Z

Updated: 2024-11-14T19:41:04.355Z

Reserved: 2024-06-12T15:27:57.328Z

Link: CVE-2024-5919

cve-icon Vulnrichment

Updated: 2024-11-14T19:40:57.020Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-14T10:15:09.027

Modified: 2024-11-15T13:58:08.913

Link: CVE-2024-5919

cve-icon Redhat

No data.