FormBook Malware – Active IOCs

June 18, 2024

Multiple Adobe Experience Manager Vulnerabilities

June 19, 2024

Multiple Palo Alto Networks Vulnerabilities

June 19, 2024

Severity

Medium

Analysis Summary

CVE-2024-5905 CVSS:3.6

Palo Alto Networks Cortex XDR Agent is vulnerable to a denial of service, caused by a flaw in the protection mechanism. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to disrupt some functionality of the agent.

CVE-2024-5907 CVSS:4.7

Palo Alto Networks Cortex XDR Agent could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to execute programs with elevated privileges.

CVE-2024-5908 CVSS:6.5

Palo Alto Networks GlobalProtect App could allow a remote attacker to obtain sensitive information, caused by the exposure of encrypted credentials to recipients of the application logs. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain encrypted user credentials.

CVE-2024-5909 CVSS:5.5

Palo Alto Networks Cortex XDR Agent is vulnerable to a denial of service, caused by a flaw in the protection mechanism. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to disable the agent resulting in a denial of service.

CVE-2024-5906 CVSS:3.5

Palo Alto Networks Prisma Cloud Compute is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Impact

Denial of Service
Privilege Escalation
Information Disclosure
Cross-Site Scripting

Indicators of Compromise

CVE

CVE-2024-5905
CVE-2024-5907
CVE-2024-5908
CVE-2024-5909
CVE-2024-5906

Affected Vendors

Palo Alto

Affected Products

Palo Alto Networks Cortex XDR Agent 8.1.2
Palo Alto Networks Cortex XDR Agent 8.2.1
Palo Alto Networks Cortex XDR Agent 7.9.102-CE
Palo Alto Networks Cortex XDR Agent 8.2.3
Palo Alto Networks GlobalProtect App 6.2.3
Palo Alto Networks GlobalProtect App 6.1.3
Palo Alto Networks GlobalProtect App 6.0.8
Palo Alto Networks GlobalProtect App 5.1.12
Palo Alto Networks Prisma Cloud Compute 32.05

Remediation

Refer to Palo Alto Networks Security Advisories for patch, upgrade or suggested workaround information.

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Ivanti Product Flaws Allow DoS Attacks

Critical Security Advisory: Heightened Alert Urged for Potential Cyberattacks Targeting Pakistan on Independence Day

Charon Ransomware Uses DLL Sideloading and Anti-EDR Tactics – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us