Summary
Security updates address several vulnerabilities, including one rated “critical” and one rated “high”, in the Expedition and PAN-OS (Panorama Web Interface) products.
Note (updated 08/11/2024): CVE-2024-5910 is being actively exploited in the wild.
Risk
Estimate of the vulnerability’s impact on the reference community: HIGH/ORANGE (65.76/100)¹.
Type
- Arbitrary File Upload
- Authentication Bypass
- Denial of Service
Affected Products and Versions
Expedition 1.2.x, versions prior to 1.2.92
PAN-OS (Panorama Web Interface)
- 10.2.x, versions prior to 10.2.4
- 10.1.x, versions prior to 10.1.9
Mitigation Actions
In line with the vendor's statements, it is recommended to update vulnerable products by following the guidance in the security bulletins listed in the References section.
Unique Vulnerability Identifiers
The following are only the CVEs for the “Critical” and “High” severity vulnerabilities:
References
https://security.paloaltonetworks.com/CVE-2024-5911
https://security.paloaltonetworks.com/CVE-2024-5910
¹ This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.