CVE-2024-5914 Cortex XSOAR: Improper Neutralization of Special Elements used in a Command (16th Aug 2024)

Preface: You can hold YAML content in files with any extension: .yml, .yaml or indeed anything else.

Background: Cortex XSOAR combines security orchestration, incident management, and interactive investigation into a seamless experience. The orchestration engine is designed to automate security product tasks and weave in human analyst tasks and workflows. Cortex XSOAR is powered by DBot, which learns from real-life analyst interactions and past investigations to help SOC teams with analyst assignment suggestions, playbook enhancements, and best next steps for investigations. With Cortex XSOAR, security teams can build future-proof security operations to reduce MTTR, create consistent and audited incident management processes, and increase analyst productivity.

Remark: dBot is the Databank’s new AI-Powered Assistant.

Common Scripts are scripts that contain common code (functions, variables, etc.) for use across other scripts; they can be embedded when writing your own Automation scripts and Integrations. The common scripts appear on the Automation page, but are used to enhance the API in other scripts and integrations.

Vulnerability details: A command injection issue in Palo Alto Networks Cortex XSOAR CommonScripts Pack allows an unauthenticated attacker to execute arbitrary commands within the context of an integration container.

Official announcement: Please refer to the website for details – https://security.paloaltonetworks.com/CVE-2024-5914
