5.3
CVE-2024-3386
- EPSS 0.35%
- Veröffentlicht 10.04.2024 17:15:57
- Zuletzt bearbeitet 24.01.2025 15:58:52
- Quelle psirt@paloaltonetworks.com
- CVE-Watchlists
- Unerledigt
LoginPAN-OS: Predefined Decryption Exclusions Does Not Work as Intended
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Paloaltonetworks ≫ Pan-os Version >= 9.0.0 < 9.0.16
Paloaltonetworks ≫ Pan-os Version >= 9.1.0 < 9.1.17
Paloaltonetworks ≫ Pan-os Version >= 10.0.0 < 10.0.13
Paloaltonetworks ≫ Pan-os Version >= 10.1.0 <= 10.1.8
Paloaltonetworks ≫ Pan-os Version >= 10.2.0 < 10.2.4
Paloaltonetworks ≫ Pan-os Version >= 11.0.0 < 11.0.1
Paloaltonetworks ≫ Pan-os Version9.0.17 Update-
Paloaltonetworks ≫ Pan-os Version9.0.17 Updateh1
Paloaltonetworks ≫ Pan-os Version10.1.9
Paloaltonetworks ≫ Pan-os Version10.1.9 Updateh1
Paloaltonetworks ≫ Pan-os Version10.2.4 Update-
Paloaltonetworks ≫ Pan-os Version11.0.1 Update-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.575 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| psirt@paloaltonetworks.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-436 Interpretation Conflict
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.