CVE-2024-5914

Summary

A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksCortex XSOAR CommonScripts1.12 < 1.12.33affected

Weaknesses

  • CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Workarounds

Remove any integration usage of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References