CVE-2024-5917

A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible.

Published: Nov 14, 2024
Updated: May 4, 2025
CVE: CVE-2024-5917
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
paloaltonetworks / pan-os	10.1.0	10.1.7
paloaltonetworks / pan-os	10.2.0	10.2.2

https://security.paloaltonetworks.com/CVE-2024-5917

Vulnerability Database

289,689

CVE-2024-5917