What is the critical vulnerability addressed by Palo Alto Networks in August 2024?

The most critical vulnerability is CVE-2024-5914, a command injection flaw in the Cortex XSOAR product's CommonScripts Pack. The vulnerability could allow unauthenticated attackers to execute arbitrary commands within an integration container if specific configurations, such as the use of ScheduleGenericPolling or GenericPollingScheduledTask scripts, are in place. The issue has been fixed in versions starting from 1.12.33.

Which Palo Alto Networks products were affected by these vulnerabilities?

The vulnerabilities affect the Cortex XSOAR product and the Prisma Access Browser. The latter is based on Chromium and has received updates to incorporate over 30 upstream security fixes.

What are the affected versions of the Prisma Access Browser?

The vulnerabilities in the Prisma Access Browser have been addressed in version 127.100.2858.4 (which supersedes the Talon Browser) and all later versions.

Has Palo Alto Networks observed any exploitation of these vulnerabilities?

Palo Alto Networks has confirmed that no malicious exploitation of these vulnerabilities has been observed. However, previous incidents have shown that threat actors, including state-sponsored groups, have targeted Palo Alto Networks products.

What should users do to protect against these vulnerabilities?

Users should apply the latest patches immediately. For Cortex XSOAR, ensure you are using version 1.12.33 or later. For the Prisma Access Browser, update to version 127.100.2858.4 or newer.

Advisory

Palo Alto Networks patches Cortex XSOAR critical flaw, high severity flaws in Prisma Access Browser

published: Aug. 15, 2024

Take action: If you are using Palo Alto Cortex XSOAR, check for the specific vulnerable configuration. If it exists, patch ASAP. Otherwise, plan a normal patch cycle. For the Prisma Access Browser, it's a bunch of Chromium fixes, so it's an easy patch - don't delay.

Learn More

Palo Alto Networks has released patches for multiple vulnerabilities across several of its products

The most critical is CVE-2024-5914 (CVSS score varies from 7 to 9.8), a command injection vulnerability found in the Cortex XSOAR security orchestration, automation, and response (SOAR) product. This flaw affects the product's CommonScripts Pack and can allow unauthenticated attackers to execute arbitrary commands within the context of an integration container. It is important to note that only specific configurations are vulnerable: an integration must make use of the ScheduleGenericPolling or GenericPollingScheduledTask scripts from the CommonScripts pack.
- The issue has been addressed in product versions starting from 1.12.33.

Additionally, Palo Alto Networks addressed high-severity vulnerabilities in the Prisma Access Browser, which is based on Chromium. The latest updates incorporate over 30 upstream security fixes, protecting against various vulnerabilities.

The issues have been addressed in Prisma Access Browser 127.100.2858.4 (supersedes Talon Browser) and all later Prisma Access Browser versions

Although Palo Alto Networks has confirmed that no malicious exploitation of these vulnerabilities has been observed, previous incidents have shown that threat actors, including state-sponsored groups, have targeted Palo Alto Networks products.

Palo Alto Networks patches Cortex XSOAR critical flaw, high severity flaws in Prisma Access Browser