Palo Alto Networks released four security advisories that address a total of 34 vulnerabilities across various products. The vulnerabilities impact a range of Palo Alto products, notably PAN-OS and GlobalProtect App.
The Prisma Access Browser, which is based on Chromium, received a significant monthly update. Version 127.100.2858.4 incorporates fixes for 31 vulnerabilities. The vulnerabilities CVE-2024-7532 and CVE-2024-6990 with a CVSSv4.0 score as 8.6, labelled as Critical by Google.
In Cortex XSOAR, a command injection vulnerability tracked as CVE-2024-5914 with a CVSS base score of 7.0 within the CommonScripts Pack has been addressed in version 1.12.33, could allow an unauthenticated attacker to execute arbitrary commands, highlighting the potential for significant system compromise.
CVE-2024-5916 with a CVSS score of 6, An information exposure vulnerability in PAN-OS that could unintentionally expose sensitive data, now patched in various PAN-OS and Cloud NGFW versions.
CVE-2024-5915 with a CVSS 5.2, A privilege escalation vulnerability in the GlobalProtect app on Windows, allowing local users to execute programs with elevated privileges. Fixes are expected to roll out in upcoming app versions.
Organizations are urged to apply the latest updates to their systems as soon as possible. While no active exploitation has been observed, these vulnerabilities represent potential entry points for malicious actors.
