How severe is CVE-2022-0024?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2022-0024?

This is classified as CWE-138, which is a common weakness in software security.

CVE-2022-0024 - HIGH Severity | CVSS 7.2

Vulnerability Description

A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls. This issue does not impact Panorama appliances or Prisma Access customers. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.23; PAN-OS 9.0 versions earlier than PAN-OS 9.0.16; PAN-OS 9.1 versions earlier than PAN-OS 9.1.13; PAN-OS 10.0 versions earlier than PAN-OS 10.0.10; PAN-OS 10.1 versions earlier than PAN-OS 10.1.5.

Related Vulnerabilities

CVE-2024-38133

HIGH

CVSS:7.8(High)

Windows Kernel Elevation of Privilege Vulnerability

CWE-1382024

CVE-2022-2429

HIGH

CVSS:8.0(High)

The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. This makes it possibl...

CWE-1382022

CVE-2023-42117

HIGH

CVSS:8.1(High)

Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentica...

CWE-1382023

CVE-2016-0750

HIGH

CVSS:8.8(High)

The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-craft...

CWE-1382016

CVE-2023-22288

MEDIUM

CVSS:5.4(Medium)

HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails

CWE-1382023

CVE-2024-51500

MEDIUM

CVSS:5.3(Medium)

Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address (0xFFFFFFFF) which could resul...

CWE-1382024