PT-2024-8732 · Palo Alto Networks · Palo Alto Networks Cortex Xsoar Commonscripts Pack
Othmar Lechner
·
Published
2024-08-14
·
Updated
2024-09-05
·
CVE-2024-5914
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Palo Alto Networks Cortex XSOAR CommonScripts Pack versions prior to 1.12.33
Description
A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container. This issue is related to the lack of data sanitization at the management level, which can be exploited by a remote attacker.
Recommendations
For versions prior to 1.12.33, update to version 1.12.33 or later to address the command injection issue in the CommonScripts Pack. As a temporary workaround, consider restricting access to the integration container to minimize the risk of exploitation.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Palo Alto Networks Cortex Xsoar Commonscripts Pack