4.3
CVE-2024-2433
- EPSS 0.05%
- Veröffentlicht 13.03.2024 18:15:08
- Zuletzt bearbeitet 30.01.2026 20:58:17
- Quelle psirt@paloaltonetworks.com
- CVE-Watchlists
- Unerledigt
An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. This issue affects only the web interface of the management plane; the dataplane is unaffected.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Paloaltonetworks ≫ Pan-os Version < 9.0.17
Paloaltonetworks ≫ Pan-os Version >= 9.1.0 < 9.1.17
Paloaltonetworks ≫ Pan-os Version >= 10.1.0 < 10.1.12
Paloaltonetworks ≫ Pan-os Version >= 10.2.0 < 10.2.8
Paloaltonetworks ≫ Pan-os Version >= 11.0.0 < 11.0.3
Paloaltonetworks ≫ Pan-os Version9.0.17 Update-
Paloaltonetworks ≫ Pan-os Version9.0.17 Updateh1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.156 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
|
| psirt@paloaltonetworks.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.