cvelistv5 - cve-2024-5906

CVE-2024-5906 (GCVE-0-2024-5906)

Vulnerability from cvelistv5

Published

2024-06-12 16:22

Modified

2024-08-01 21:25

Severity ?

4.8 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user's browser when accessed by that other user.

References

URL

Tags

https://security.paloaltonetworks.com/CVE-2024-5906

vendor-advisory

Impacted products

	Vendor	Product	Version
	Palo Alto Networks	Prisma Cloud Compute	Version: 32 < 32.05 (O’Neal - Update 5)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:paloaltonetworks:prisma_cloud:*:*:*:*:compute:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "prisma_cloud",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "lessThan": "32.05",
                "status": "affected",
                "version": "32",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:paloaltonetworks:prisma_cloud:*:*:*:*:compute:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "prisma_cloud",
            "vendor": "paloaltonetworks",
            "versions": [
              {
                "lessThanOrEqual": "32.05",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5906",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T18:11:55.656236Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T18:17:47.920Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:25:03.163Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2024-5906"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Prisma Cloud Compute",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "32.05 (O\u2019Neal - Update 5)",
                  "status": "unaffected"
                }
              ],
              "lessThan": "32.05 (O\u2019Neal - Update 5)",
              "status": "affected",
              "version": "32",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Palo Alto Networks thanks Tomasz Stachowicz for discovering and reporting this issue."
        }
      ],
      "datePublic": "2024-06-12T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user\u0027s browser when accessed by that other user.\u003c/p\u003e"
            }
          ],
          "value": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user\u0027s browser when accessed by that other user."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePalo Alto Networks is not aware of any malicious exploitation of this issue.\u003c/p\u003e"
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-592",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-592 Stored XSS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-12T16:22:38.881Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2024-5906"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThis issue is fixed in Prisma Cloud Compute 32.05 (O\u0027Neal - Update 5) and all later versions.\u003c/p\u003e"
            }
          ],
          "value": "This issue is fixed in Prisma Cloud Compute 32.05 (O\u0027Neal - Update 5) and all later versions."
        }
      ],
      "source": {
        "defect": [
          "CWP-56273"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-12T16:00:00.000Z",
          "value": "Initial publication"
        }
      ],
      "title": "Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface",
      "x_generator": {
        "engine": "vulnogram 0.1.0-rc1"
      },
      "x_legacyV4Record": {
        "CNA_private": {
          "Priority": "normal",
          "STATE": "review",
          "TYPE": "advisory",
          "affectsSummary": {
            "affected": [
              "\u003c 32.05 (O\u2019Neal - Update 5)"
            ],
            "appliesTo": [
              "Prisma Cloud Compute 32"
            ],
            "product_versions": [
              "Prisma Cloud Compute 32"
            ],
            "unaffected": [
              "\u003e= 32.05 (O\u2019Neal - Update 5)"
            ],
            "unknown": [
              ""
            ]
          },
          "owner": "abaishya",
          "publish": {
            "month": "06",
            "year": "2024",
            "ym": "2024-06"
          },
          "share_with_CVE": true,
          "show_cvss": true
        },
        "CVE_data_meta": {
          "ASSIGNER": "psirt@paloaltonetworks.com",
          "DATE_PUBLIC": "2024-06-12T16:00:00.000Z",
          "ID": "CVE-2023-case-CWP-56273",
          "STATE": "PUBLIC",
          "TITLE": "Prisma Cloud Compute: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Prisma Cloud Compute",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "32",
                            "version_value": "32.05 (O\u2019Neal - Update 5)"
                          },
                          {
                            "version_affected": "!\u003e=",
                            "version_name": "32",
                            "version_value": "32.05 (O\u2019Neal - Update 5)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Palo Alto Networks"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Palo Alto Networks thanks Tomasz Stachowicz and Declap Harp for discovering and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user\u0027s browser when accessed by that other user."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
          }
        ],
        "generator": {
          "engine": "vulnogram 0.1.0-rc1"
        },
        "impact": {
          "cvss": {
            "Automatable": "NO",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "refsource": "CONFIRM",
              "url": "https://security.paloaltonetworks.com/CVE-2023-case-CWP-56273"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is fixed in Prisma Cloud Compute 32.05 (O\u0027Neal - Update 5) and all later versions."
          }
        ],
        "source": {
          "defect": [
            "CWP-56273"
          ],
          "discovery": "EXTERNAL"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2024-06-12T00:00:00.000Z",
            "value": "Initial publication"
          }
        ],
        "x_advisoryEoL": false
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2024-5906",
    "datePublished": "2024-06-12T16:22:38.881Z",
    "dateReserved": "2024-06-12T15:27:55.088Z",
    "dateUpdated": "2024-08-01T21:25:03.163Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2024-AVI-0491

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.2.x antérieures à 6.2.3
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.1.x antérieures à 5.1.12
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 7.9.x.-CE antérieures à 7.9.102-CE sur Windows
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 8.1.x à 8.2.x antérieures à 8.2.1 sur Windows
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.1.x antérieures à 6.1.3
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.0.x antérieures à 6.0.8
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent versions 8.3.x antérieures à 8.3.1 sur Windows
Palo Alto Networks	Prisma Cloud Compute	Prisma Cloud Compute versions 32.x antérieures à 32.05 (O’Neal - Update 5)

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2024-5906	2024-06-12	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2024-5908	2024-06-12	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2024-5907	2024-06-12	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2024-5905	2024-06-12	vendor-advisory
Bulletin de sécurité Palo Alto Networks CVE-2024-5909	2024-06-12	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.1.x ant\u00e9rieures \u00e0 5.1.12",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 7.9.x.-CE ant\u00e9rieures \u00e0 7.9.102-CE sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.1.x \u00e0 8.2.x ant\u00e9rieures \u00e0 8.2.1 sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.1.x ant\u00e9rieures \u00e0 6.1.3",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.0.x ant\u00e9rieures \u00e0 6.0.8",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent versions 8.3.x ant\u00e9rieures \u00e0 8.3.1 sur Windows",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Cloud Compute versions 32.x ant\u00e9rieures \u00e0 32.05 (O\u2019Neal - Update 5)",
      "product": {
        "name": "Prisma Cloud Compute",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-5908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5908"
    },
    {
      "name": "CVE-2024-5907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5907"
    },
    {
      "name": "CVE-2024-5905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5905"
    },
    {
      "name": "CVE-2024-5906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5906"
    },
    {
      "name": "CVE-2024-5909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5909"
    }
  ],
  "initial_release_date": "2024-06-13T00:00:00",
  "last_revision_date": "2024-06-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0491",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-06-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5906",
      "url": "https://security.paloaltonetworks.com/CVE-2024-5906"
    },
    {
      "published_at": "2024-06-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5908",
      "url": "https://security.paloaltonetworks.com/CVE-2024-5908"
    },
    {
      "published_at": "2024-06-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5907",
      "url": "https://security.paloaltonetworks.com/CVE-2024-5907"
    },
    {
      "published_at": "2024-06-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5905",
      "url": "https://security.paloaltonetworks.com/CVE-2024-5905"
    },
    {
      "published_at": "2024-06-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-5909",
      "url": "https://security.paloaltonetworks.com/CVE-2024-5909"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-5906 (GCVE-0-2024-5906)

Vulnerability from cvelistv5

CERTFR-2024-AVI-0491

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature