CVE-2024-2552

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.

CVSS v3 6.0 MEDIUM

6.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2024-2552	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os::::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4::::::
	cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6::::::
	cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-::::::
	cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1::::::
	cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4::::::
	cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7::::::

History

24 Jan 2025, 16:04

Type	Values Removed	Values Added
First Time		Paloaltonetworks Paloaltonetworks pan-os
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.0
CPE		cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:::::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:::::: cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:::::: cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8::::::
References	~~() https://security.paloaltonetworks.com/CVE-2024-2552 -~~	() https://security.paloaltonetworks.com/CVE-2024-2552 - Vendor Advisory

15 Nov 2024, 13:58

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de inyección de comandos en el software PAN-OS de Palo Alto Networks permite a un administrador autenticado eludir las restricciones del sistema en el plano de administración y eliminar archivos en el firewall.

14 Nov 2024, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-14 10:15

Updated : 2025-01-24 16:04

NVD link : CVE-2024-2552

Mitre link : CVE-2024-2552

CVE.ORG link : CVE-2024-2552

JSON object : View

Products Affected

paloaltonetworks

pan-os

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-2552", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 0.8}], "cvssMetricV40": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "USER", "baseScore": 6.8, "automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-11-14T10:15:04.957", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-2552", "tags": ["Vendor Advisory"], "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de comandos en el software PAN-OS de Palo Alto Networks permite a un administrador autenticado eludir las restricciones del sistema en el plano de administraci\u00f3n y eliminar archivos en el firewall."}], "lastModified": "2025-01-24T16:04:14.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "243077CD-5021-4DF3-8AC7-5B14F7FD9710", "versionEndExcluding": "10.2.7", "versionStartIncluding": "10.2.0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47CBEECE-EA41-4A58-8AE9-D695C76D4019", "versionEndExcluding": "11.0.6", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "459485B4-47FF-4A5F-9249-AE0445A0096A", "versionEndExcluding": "11.1.4", "versionStartIncluding": "11.1.0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E4D3A51-0A40-4B19-AAFC-A2484B1CF5D7", "versionEndExcluding": "11.2.4", "versionStartIncluding": "11.2.0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8C42D98-CF8F-456B-9D57-80BBDC2C8E74"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3AAD4BA-22DD-43D3-91F1-8A6F5FBBF029"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA4994CB-6591-4B44-A5D7-3CDF540B97DE"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6AB7874-FE24-42AC-8E3A-822A70722126"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34B083B9-CC1B-43CD-9A16-C018F7FA2DDB"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D88CC33-7E32-4E82-8A94-70759E910510"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "776E06EC-2FDA-4664-AB43-9F6BE9B897CA"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBE09375-A863-42FF-813F-C20679D7C45C"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.7:h8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1311961A-0EF6-488E-B0C2-EDBD508587C9"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D64390F-F870-4DBF-B0FE-BCDFE58C8685"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F70FC9DF-10C9-4AE5-B64B-3153E2E4E9E8"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3D6D552-6F33-496A-A505-5F59DF3B487B"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1ECD1DC-5A05-4E4F-97F5-136CE777FAB3"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBA2B4FA-16C2-41B9-856D-EDC0CAF7A164"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.8:h4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5E6A893-2994-40A3-AF35-8AF068B0DE42"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D814F3A3-5E9D-426D-A654-1346D9ECE9B3"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C7E9211-7041-4720-B4B9-3EA95D425263"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEB258EE-2C6E-4A63-B04C-89C5F76B0878"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F481B0E-2353-4AB0-8A98-B0EFBC409868"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F7FC771-527F-4619-B785-6AE1F4722074"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.9:h9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E9EB9C6-78BA-4C66-A4BD-856BF27388CE"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03C5ABF2-8C53-4376-8A64-6CB34E18E77C"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "872BC747-512A-4872-AC86-E7F1DC589F47"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67F527D0-F85B-4B83-AEA5-BA636FC89210"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CF8F985-7E51-49E6-857A-FAAF027F5611"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B437DCEA-ABA3-41CA-B320-97EC430F1122"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "593AFE7A-CB37-4156-A2B8-646A317F3176"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.10:h9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9F032C2-3202-479B-8C70-277F6871A4A4"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B3D7DBA-C90C-451D-94C3-8B7066826308"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "010F170D-438E-4A57-98B9-E7522FD95FC3"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD8795BE-5CC2-443D-99AD-BD6985CADBA7"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3D096D4-E60E-4D4C-9122-C36B775B4A6F"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEE28628-E969-44FC-B577-066DB98BBDA0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:10.2.11:h6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C69B22C4-6E7D-4F39-B86C-D408670CDC42"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF83EAA1-49E1-4AD0-A049-F1B3065950BC"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE3F7369-9F35-409A-9F47-45A959592DFA"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9DB4DA9-2262-4E9E-B3A1-49D261D01295"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:11.1.4:h7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4852E738-990C-4DD2-8252-D4625D843A99"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@paloaltonetworks.com"}

6.0 /10