{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5907", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "state": "PUBLISHED", "assignerShortName": "palo_alto", "dateReserved": "2024-06-12T15:27:55.262Z", "datePublished": "2024-06-12T16:26:39.742Z", "dateUpdated": "2024-08-01T21:25:03.047Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Cortex XDR Agent", "vendor": "Palo Alto Networks", "versions": [{"changes": [{"at": "7.9.102-CE", "status": "unaffected"}], "lessThan": "7.9.102-CE", "status": "affected", "version": "7.9-CE", "versionType": "custom"}, {"status": "affected", "version": "8.1.0"}, {"changes": [{"at": "8.2.3", "status": "unaffected"}], "lessThan": "8.2.3", "status": "affected", "version": "8.2.0", "versionType": "custom"}, {"changes": [{"at": "8.3.1", "status": "unaffected"}], "lessThan": "8.3.1", "status": "affected", "version": "8.3.0", "versionType": "custom"}, {"status": "unaffected", "version": "8.4.0"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Palo Alto Networks thanks Orange Cyberdefense Switzerland's Research Team for discovering and reporting this issue."}], "datePublic": "2024-06-12T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.</p>"}], "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>"}], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 5.2, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-06-12T16:26:39.742Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-5907"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024.</p>"}], "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."}], "source": {"defect": ["CPATR-23348"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2024-06-12T16:00:00.000Z", "value": "Initial publication"}], "title": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability", "x_generator": {"engine": "vulnogram 0.1.0-rc1"}, "x_legacyV4Record": {"CNA_private": {"Current-Status": "Verify with Alain how they want to be acknowledged", "Priority": "normal", "STATE": "review", "TYPE": "advisory", "affectsSummary": {"affected": ["None", "< 8.3.1 on Windows", "< 8.2.3 on Windows", "All", "< 7.9.102-CE on Windows"], "appliesTo": ["Cortex XDR Agent 8.4", "Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE"], "product_versions": ["Cortex XDR Agent 8.4", "Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE"], "unaffected": ["All", ">= 8.3.1 on Windows", ">= 8.2.3 on Windows", "None", ">= 7.9.102-CE on Windows"], "unknown": ["", "", "", "", ""]}, "owner": "abaishya", "publish": {"month": "06", "year": "2024", "ym": "2024-06"}, "share_with_CVE": true, "show_cvss": true}, "CVE_data_meta": {"ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2024-06-12T16:00:00.000Z", "ID": "CVE-2023-case-CPATR-23348", "STATE": "PUBLIC", "TITLE": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cortex XDR Agent", "version": {"version_data": [{"platform": "Windows", "version_affected": "<", "version_name": "7.9-CE", "version_value": "7.9.102-CE"}, {"platform": "Windows", "version_affected": "!>=", "version_name": "7.9-CE", "version_value": "7.9.102-CE"}, {"platform": "Windows", "version_affected": "<", "version_name": "8.2", "version_value": "8.2.3"}, {"platform": "Windows", "version_affected": "!>=", "version_name": "8.2", "version_value": "8.2.3"}, {"platform": "Windows", "version_affected": "<", "version_name": "8.3", "version_value": "8.3.1"}, {"platform": "Windows", "version_affected": "!>=", "version_name": "8.3", "version_value": "8.3.1"}, {"version_affected": "=", "version_name": "8.4", "version_value": "None"}, {"version_affected": "!", "version_name": "8.4", "version_value": "All"}, {"version_affected": "=", "version_name": "8.1", "version_value": "All"}, {"version_affected": "!", "version_name": "8.1", "version_value": "None"}]}}]}, "vendor_name": "Palo Alto Networks"}]}}, "credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Alain Mowat of Orange Cyberdefense for discovering and reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."}]}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "generator": {"engine": "vulnogram 0.1.0-rc1"}, "impact": {"cvss": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 5.2, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269 Improper Privilege Management"}]}]}, "references": {"reference_data": [{"refsource": "CONFIRM", "url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-23348"}]}, "solution": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."}], "source": {"defect": ["CPATR-23348"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2024-06-12T00:00:00", "value": "Initial publication"}], "x_advisoryEoL": false}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2023-11-08T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-5907"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-14T03:56:05.821Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.047Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://security.paloaltonetworks.com/CVE-2024-5907"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-5907", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.047Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5907", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-12T17:59:52.437327Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T17:59:56.408Z"}}], "cna": {"title": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability", "source": {"defect": ["CPATR-23348"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Palo Alto Networks thanks Orange Cyberdefense Switzerland's Research Team for discovering and reporting this issue."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 5.2, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Palo Alto Networks", "product": "Cortex XDR Agent", "versions": [{"status": "affected", "changes": [{"at": "7.9.102-CE", "status": "unaffected"}], "version": "7.9-CE", "lessThan": "7.9.102-CE", "versionType": "custom"}, {"status": "affected", "version": "8.1.0"}, {"status": "affected", "changes": [{"at": "8.2.3", "status": "unaffected"}], "version": "8.2.0", "lessThan": "8.2.3", "versionType": "custom"}, {"status": "affected", "changes": [{"at": "8.3.1", "status": "unaffected"}], "version": "8.3.0", "lessThan": "8.3.1", "versionType": "custom"}, {"status": "unaffected", "version": "8.4.0"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.", "supportingMedia": [{"type": "text/html", "value": "<p>Palo Alto Networks is not aware of any malicious exploitation of this issue.</p>", "base64": false}]}], "timeline": [{"lang": "en", "time": "2024-06-12T16:00:00.000Z", "value": "Initial publication"}], "solutions": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024.", "supportingMedia": [{"type": "text/html", "value": "<p>This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024.</p>", "base64": false}]}], "datePublic": "2024-06-12T07:00:00.000Z", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-5907", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "vulnogram 0.1.0-rc1"}, "descriptions": [{"lang": "en", "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.", "supportingMedia": [{"type": "text/html", "value": "<p>A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto", "dateUpdated": "2024-06-12T16:26:39.742Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Palo Alto Networks thanks Alain Mowat of Orange Cyberdefense for discovering and reporting this issue."}], "impact": {"cvss": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 5.2, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/AU:N/R:U/V:D/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}}, "source": {"defect": ["CPATR-23348"], "discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"platform": "Windows", "version_name": "7.9-CE", "version_value": "7.9.102-CE", "version_affected": "<"}, {"platform": "Windows", "version_name": "7.9-CE", "version_value": "7.9.102-CE", "version_affected": "!>="}, {"platform": "Windows", "version_name": "8.2", "version_value": "8.2.3", "version_affected": "<"}, {"platform": "Windows", "version_name": "8.2", "version_value": "8.2.3", "version_affected": "!>="}, {"platform": "Windows", "version_name": "8.3", "version_value": "8.3.1", "version_affected": "<"}, {"platform": "Windows", "version_name": "8.3", "version_value": "8.3.1", "version_affected": "!>="}, {"version_name": "8.4", "version_value": "None", "version_affected": "="}, {"version_name": "8.4", "version_value": "All", "version_affected": "!"}, {"version_name": "8.1", "version_value": "All", "version_affected": "="}, {"version_name": "8.1", "version_value": "None", "version_affected": "!"}]}, "product_name": "Cortex XDR Agent"}]}, "vendor_name": "Palo Alto Networks"}]}}, "exploit": [{"lang": "en", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."}], "solution": [{"lang": "en", "value": "This issue is fixed in Cortex XDR agent 7.9.102-CE, Cortex XDR agent 8.2.3, Cortex XDR agent 8.3.1, and all later Cortex XDR agent versions. This issue will not be addressed in Cortex XDR agent 8.1, which reached end-of-life (EoL) status on April 9, 2024."}], "timeline": [{"lang": "en", "time": "2024-06-12T00:00:00", "value": "Initial publication"}], "data_type": "CVE", "generator": {"engine": "vulnogram 0.1.0-rc1"}, "references": {"reference_data": [{"url": "https://security.paloaltonetworks.com/CVE-2023-case-CPATR-23348", "refsource": "CONFIRM"}]}, "CNA_private": {"TYPE": "advisory", "STATE": "review", "owner": "abaishya", "publish": {"ym": "2024-06", "year": "2024", "month": "06"}, "Priority": "normal", "show_cvss": true, "Current-Status": "Verify with Alain how they want to be acknowledged", "affectsSummary": {"unknown": ["", "", "", "", ""], "affected": ["None", "< 8.3.1 on Windows", "< 8.2.3 on Windows", "All", "< 7.9.102-CE on Windows"], "appliesTo": ["Cortex XDR Agent 8.4", "Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE"], "unaffected": ["All", ">= 8.3.1 on Windows", ">= 8.2.3 on Windows", "None", ">= 7.9.102-CE on Windows"], "product_versions": ["Cortex XDR Agent 8.4", "Cortex XDR Agent 8.3", "Cortex XDR Agent 8.2", "Cortex XDR Agent 8.1", "Cortex XDR Agent 7.9-CE"]}, "share_with_CVE": true}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269 Improper Privilege Management"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-case-CPATR-23348", "STATE": "PUBLIC", "TITLE": "Cortex XDR Agent: Local Privilege Escalation (PE) Vulnerability", "ASSIGNER": "psirt@paloaltonetworks.com", "DATE_PUBLIC": "2024-06-12T16:00:00.000Z"}, "x_advisoryEoL": false}}}, "cveMetadata": {"cveId": "CVE-2024-5907", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:25:03.047Z", "dateReserved": "2024-06-12T15:27:55.262Z", "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "datePublished": "2024-06-12T16:26:39.742Z", "assignerShortName": "palo_alto"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:critical_environment:*:*:*", "matchCriteriaId": "E7510DB5-E41B-484D-8BE8-12F7BECA18C6", "versionEndExcluding": "7.9.102", "versionStartIncluding": "7.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "84B436C7-8804-4860-BA71-F9052BD339F6", "versionEndExcluding": "8.2.3", "versionStartIncluding": "8.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:paloaltonetworks:cortex_xdr_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "12439BD7-6910-403C-B970-AE14A841DEBD", "versionEndExcluding": "8.3.1", "versionStartIncluding": "8.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit."}, {"lang": "es", "value": "Una vulnerabilidad de escalada de privilegios (PE) en el agente Cortex XDR de Palo Alto Networks en dispositivos Windows permite a un usuario local ejecutar programas con privilegios elevados. Sin embargo, la ejecuci\u00f3n requiere que el usuario local aproveche con \u00e9xito una condici\u00f3n de ejecuci\u00f3n, lo que hace que esta vulnerabilidad sea dif\u00edcil de explotar."}], "id": "CVE-2024-5907", "lastModified": "2024-11-21T09:48:33.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NO", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "recovery": "USER", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "subsequentSystemIntegrity": "HIGH", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnerabilityResponseEffort": "MODERATE", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW"}, "source": "psirt@paloaltonetworks.com", "type": "Secondary"}]}, "published": "2024-06-12T17:15:53.127", "references": [{"source": "psirt@paloaltonetworks.com", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-5907"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.paloaltonetworks.com/CVE-2024-5907"}], "sourceIdentifier": "psirt@paloaltonetworks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "psirt@paloaltonetworks.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}