A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible.
References
Link | Resource |
---|---|
https://security.paloaltonetworks.com/CVE-2024-5917 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
24 Jan 2025, 16:04
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.9 |
CPE | cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* | |
First Time |
Paloaltonetworks pan-os
Paloaltonetworks |
|
References | () https://security.paloaltonetworks.com/CVE-2024-5917 - Vendor Advisory |
15 Jan 2025, 23:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible. |
15 Nov 2024, 13:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
14 Nov 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-14 10:15
Updated : 2025-01-24 16:04
NVD link : CVE-2024-5917
Mitre link : CVE-2024-5917
CVE.ORG link : CVE-2024-5917
JSON object : View
Products Affected
paloaltonetworks
- pan-os
CWE
CWE-918
Server-Side Request Forgery (SSRF)