4.3
CVE-2024-2433
- EPSS 0.06%
- Published 13.03.2024 18:15:08
- Last modified 30.01.2026 20:58:17
- Source psirt@paloaltonetworks.com
PAN-OS: Improper Privilege Management Vulnerability in Panorama Software Leads to Availability Loss
An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. This issue affects only the web interface of the management plane; the dataplane is unaffected.
Data provided by the National Vulnerability Database (NVD)
Paloaltonetworks ≫ Pan-os Version < 9.0.17
Paloaltonetworks ≫ Pan-os Version >= 9.1.0 < 9.1.17
Paloaltonetworks ≫ Pan-os Version >= 10.1.0 < 10.1.12
Paloaltonetworks ≫ Pan-os Version >= 10.2.0 < 10.2.8
Paloaltonetworks ≫ Pan-os Version >= 11.0.0 < 11.0.3
Paloaltonetworks ≫ Pan-os Version 9.0.17 Update -
Paloaltonetworks ≫ Pan-os Version 9.0.17 Update h1
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.198 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.7 | 1.2 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L |
| psirt@paloaltonetworks.com | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.