CVE-2024-5920

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

Published: Nov 14, 2024 / Updated: 5d ago

CVSS 4.6 / EPSS 0.04% / Medium

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber

Timeline

CVE Assignment

NVD published the first details for CVE-2024-5920

Nov 14, 2024 at 10:15 AM

CVSS

A CVSS base score of 4.6 has been assigned.

Nov 14, 2024 at 10:20 AM / nvd

First Article

Feedly found the first article mentioning CVE-2024-5920.

Nov 14, 2024 at 10:24 AM / National Vulnerability Database

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 14, 2024 at 10:24 AM

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (731901)

Nov 15, 2024 at 7:53 AM

EPSS

EPSS Score was set to: 0.04% (Percentile: 10.2%)

Nov 15, 2024 at 10:16 AM

Affected Systems

Paloaltonetworks/pan-os

Attack Patterns

CAPEC-209: XSS Using MIME Type Mismatch

News

Prisma Cloud Compute Cortex XDR Agent 8.6
Palo Alto Networks PAN-OS – cross-site scripting (XSS) vulnerability [CVE-2024-5920]
CVE number: CVE-2024-5920. A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser. This issue is fixed in PAN-OS 10.1.14, PAN-OS 10.2.11, PAN-OS 11.0.6, PAN-OS 11.1.4, and all later PAN-OS versions. Further details at https://security.paloaltonetworks.com/CVE-2024-5920. The post "Palo Alto Networks PAN-OS – cross-site scripting (XSS) vulnerability [CVE-2024-5920]" appeared first on SystemTek - Technology news and information.
Stored XSS in Palo Alto Networks PAN-OS
The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks. A remote privileged user can push a specially crafted configuration to a PAN-OS node and execute arbitrary JavaScript code in the user's browser in the context of the vulnerable website.
Palo Alto PAN-OS Multiple vulnerabilities
A remote user could exploit these vulnerabilities to trigger cross-site scripting, remote code execution, denial of service, sensitive information disclosure, and security restriction bypass on the targeted system.

CVSS V3.1

Unknown
