Palo Alto Networks Security Advisories / CVE-2024-5914

CVE-2024-5914 Cortex XSOAR: Command Injection in CommonScripts Pack

047910
Severity 7 · HIGH
Urgency MODERATE
Response Effort MODERATE
Recovery USER
Value Density DIFFUSE
Attack Vector NETWORK
Attack Complexity HIGH
Attack Requirements PRESENT
Automatable NO
User Interaction NONE
Product Confidentiality LOW
Product Integrity LOW
Product Availability LOW
Privileges Required NONE
Subsequent Confidentiality HIGH
Subsequent Integrity HIGH
Subsequent Availability NONE
NVD JSON
Published 2024-08-14
Updated 2024-08-14
Reference CRTX-95034
Discovered externally

Description

A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.

Product Status

VersionsAffectedUnaffected
Cortex XSOAR CommonScripts < 1.12.33>= 1.12.33

Required Configuration for Exposure

To be exposed, an integration must make use of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack.

Severity: HIGH

CVSSv4.0 Base Score: 7 (CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:N/AU:N/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Solution

This issue is fixed in Cortex XSOAR CommonScripts 1.12.33 and all later versions.

Workarounds and Mitigations

Remove any integration usage of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack.

Acknowledgments

Palo Alto Networks thanks Othmar Lechner for discovering and reporting this issue.

Timeline

Initial publication
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2024 Palo Alto Networks, Inc. All rights reserved.