CVE-2024-5919
Severity: MEDIUM | WAF: High
CVSS 6.5
Published: 2024-11-14
CWE-611
A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker-controlled server. This attack requires network access to the firewall management interface.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| paloaltonetworks | pan-os | 10.1.0 - 10.1.10 |
| paloaltonetworks | pan-os | 10.2.0 - 10.2.5 |
| paloaltonetworks | pan-os | 11.0.0 - 11.0.2 |
References
- security.paloaltonetworks.com (Vendor Advisory)