A critical command injection vulnerability (CVE-2024-5914) has been identified in Palo Alto Networks’ Cortex XSOAR CommonScripts Pack.
The identified vulnerability affects all versions of Palo Alto Networks’ Cortex XSOAR CommonScripts Pack prior to version 1.12.33. It allows unauthenticated attackers to execute arbitrary commands within the context of an integration container—essentially providing the attacker with control over part of the system.
This type of attack is classified as a command injection vulnerability, a serious threat that could lead to extensive damage if exploited.
How Systems Become Exposed
While this vulnerability is concerning, not all integrations are immediately exposed to it. For an integration to be vulnerable, it must use the following scripts from the CommonScripts pack:
- ScheduleGenericPolling
- GenericPollingScheduledTask
If your system uses these scripts, it is potentially at risk.
What Palo Alto Networks Has Done
Palo Alto Networks has been proactive in addressing the issue. The vulnerability has been resolved in Cortex XSOAR CommonScripts 1.12.33 and all subsequent versions. It’s important to note that, as of now, Palo Alto Networks is not aware of any malicious exploitation of this issue. However, given the potential severity, it is highly recommended to act promptly.
Steps to Protect Your Systems
To safeguard your systems, Palo Alto Networks strongly advises taking the following steps:
- Update to the Latest Version: If you are using any version of the Cortex XSOAR CommonScripts Pack prior to 1.12.33, you must upgrade immediately to the latest version.
- Remove Usage of Vulnerable Scripts: Ensure that any integration using the ScheduleGenericPolling or GenericPollingScheduledTask scripts is modified to remove reliance on these scripts until your system is fully updated.
- Review Release Notes: Take the time to review the release notes provided by Palo Alto Networks to understand the changes made in the latest version and any additional guidance they may provide.
- Monitor for Exploitation: While no known exploitation has occurred yet, it’s essential to stay vigilant and monitor your systems for any suspicious activity.
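One way to check the two exposure conditions described above (a CommonScripts pack older than 1.12.33, and use of the two polling scripts), as an added example that is not Palo Alto Networks' tooling. It assumes the installed pack version is known and playbooks are available as exported text; the function names, the sample playbooks and the `scriptName` field in them are constructed for illustration.

```python
import re

FIXED_VERSION = (1, 12, 33)  # first fixed CommonScripts version, per the advisory
AFFECTED_SCRIPTS = ("ScheduleGenericPolling", "GenericPollingScheduledTask")
_SCRIPT_RE = re.compile(r"\b(" + "|".join(AFFECTED_SCRIPTS) + r")\b")


def parse_version(text):
    """Turn '1.12.9' into (1, 12, 9) so versions compare numerically, not as strings."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def pack_is_affected(installed_version):
    """True when the installed pack predates the fixed release."""
    return parse_version(installed_version) < FIXED_VERSION


def find_script_references(playbook_text):
    """Return (line_number, script_name) for each reference to an affected script."""
    hits = []
    for lineno, line in enumerate(playbook_text.splitlines(), start=1):
        for match in _SCRIPT_RE.finditer(line):
            hits.append((lineno, match.group(1)))
    return hits


def assess(installed_version, playbooks):
    """Map playbook name -> references, reported only while the pack is unpatched."""
    if not pack_is_affected(installed_version):
        return {}
    report = {}
    for name, text in playbooks.items():
        hits = find_script_references(text)
        if hits:
            report[name] = hits
    return report


# Constructed sample playbook exports (hypothetical, not real XSOAR content).
SAMPLE_PLAYBOOKS = {
    "poll_ticket.yml": "tasks:\n  '3':\n    task:\n      scriptName: ScheduleGenericPolling\n",
    "enrich_ip.yml": "tasks:\n  '1':\n    task:\n      scriptName: SomeOtherScript\n",
}

if __name__ == "__main__":
    for name, hits in assess("1.12.9", SAMPLE_PLAYBOOKS).items():
        print(name, hits)
```

Note that 1.12.9 is older than 1.12.33 even though a plain string comparison would order them the other way, which is why the version is parsed into integers first.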
Severity of the Vulnerability
This issue has been assigned a Common Vulnerability Scoring System (CVSS) score of 7.0, reflecting its potential severity. A score of 7.0 places this vulnerability in the “high” risk category, underscoring the importance of taking immediate action.
CVE-2024-5914 serves as a reminder that even robust security platforms like Palo Alto Networks’ Cortex XSOAR are not immune to vulnerabilities. However, by staying informed and acting quickly, organisations can prevent potential attacks before they happen.
Ensure your systems are protected by upgrading to Cortex XSOAR CommonScripts 1.12.33 or later, and removing the vulnerable scripts if applicable. Being proactive now can save your organisation from severe damage later.
For more detailed information on the vulnerability, mitigation steps, and Palo Alto Networks’ recommendations, be sure to check the official release notes and follow best practices for maintaining system security.