CVE-2024-5920
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2024-5920. We'll provide specific mitigation strategies based on your environment and risk profile.
Description
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser.
Available Exploits
Related News
Related content: CVE-2024-5920 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in PAN-OS Enables Impersonation of a Legitimate Administrator (Severity: LOW) CVE-2025-0123 PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures (Severity…
Related content: CVE-2024-5916 PAN-OS: Cleartext Exposure of External System Secrets (Severity: MEDIUM) CVE-2025-0123 PAN-OS: Information Disclosure Vulnerability in HTTP/2 Packet Captures (Severity: LOW) CVE-2025-0117 GlobalProtect App: Local Privilege Escal…
Affected Products
Affected Versions:
Affected Versions:
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: November 14, 2024, Modified: January 24, 2025