{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-083.pdf"
    },
    "title": "Palo Alto Cortex XSOAR CommonScripts Critical Vulnerability",
    "serial_number": "2024-083",
    "publish_date": "20-08-2024 09:15:07",
    "description": "On August 14, 2024, Palo Alto Networks released a security advisory for a critical command injection vulnerability, CVE-2024-5914, in Cortex XSOAR. This flaw allows unauthenticated attackers to execute arbitrary commands within the context of an integration container, potentially compromising the system. The vulnerability affects the product's CommonScripts Pack and is rated as high severity with a CVSS score of 9.0.<br>\n",
    "url_title": "2024-083",
    "content_markdown": "---\ntitle: 'Palo Alto Cortex XSOAR CommonScripts Critical Vulnerability'\nnumber: '2024-083'\nversion: '1.1'\noriginal_date: 'August 14, 2024'\ndate: 'August 20, 2024'\n---\n\n_History:_\n\n* _19/08/2024 --- v1.0 -- Initial publication_\n* _20/08/2024 --- v1.1 -- Correction to specify that only CommonScripts Pack is affected_\n\n# Summary\n\nOn August 14, 2024, Palo Alto Networks released a security advisory for a critical command injection vulnerability, **CVE-2024-5914**, in Cortex XSOAR [1, 2]. This flaw allows unauthenticated attackers to execute arbitrary commands within the context of an integration container, potentially compromising the system. The vulnerability affects the product's CommonScripts Pack and is rated as high severity with a CVSS score of 9.0.\n\n# Technical Details\n\nCVE-2024-5914 is a command injection vulnerability that can be exploited without authentication. It affects specific configurations of Cortex XSOAR\u2019s CommonScripts Pack, allowing remote attackers to execute arbitrary commands.\n\n# Affected Products\n\n- Palo Alto Networks Cortex XSOAR CommonScripts prior to 1.12.33 [2]\n\n# Recommendations\n\nCERT-EU recommends applying the patches included in versions starting with 1.12.33 immediately to mitigate this vulnerability.\n\n# References\n\n[1] <https://www.securityweek.com/palo-alto-networks-patches-unauthenticated-command-execution-flaw-in-cortex-xsoar/>\n\n[2] <https://security.paloaltonetworks.com/CVE-2024-5914>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>19/08/2024 --- v1.0 -- Initial publication</em></li><li><em>20/08/2024 --- v1.1 -- Correction to specify that only CommonScripts Pack is affected</em></li></ul><h2 id=\"summary\">Summary</h2><p>On August 14, 2024, Palo Alto Networks released a security advisory for a critical command injection vulnerability, <strong>CVE-2024-5914</strong>, in Cortex XSOAR [1, 2]. This flaw allows unauthenticated attackers to execute arbitrary commands within the context of an integration container, potentially compromising the system. The vulnerability affects the product's CommonScripts Pack and is rated as high severity with a CVSS score of 9.0.</p><h2 id=\"technical-details\">Technical Details</h2><p>CVE-2024-5914 is a command injection vulnerability that can be exploited without authentication. It affects specific configurations of Cortex XSOAR\u2019s CommonScripts Pack, allowing remote attackers to execute arbitrary commands.</p><h2 id=\"affected-products\">Affected Products</h2><ul><li>Palo Alto Networks Cortex XSOAR CommonScripts prior to 1.12.33 [2]</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends applying the patches included in versions starting with 1.12.33 immediately to mitigate this vulnerability.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.securityweek.com/palo-alto-networks-patches-unauthenticated-command-execution-flaw-in-cortex-xsoar/\">https://www.securityweek.com/palo-alto-networks-patches-unauthenticated-command-execution-flaw-in-cortex-xsoar/</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://security.paloaltonetworks.com/CVE-2024-5914\">https://security.paloaltonetworks.com/CVE-2024-5914</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}