5
CVE-2024-3388
- EPSS 0.18%
- Published 10.04.2024 17:15:57
- Last modified 24.01.2025 16:16:18
- Source psirt@paloaltonetworks.com
- Teams watchlist Login
- Open Login
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.
Data is provided by the National Vulnerability Database (NVD)
Paloaltonetworks ≫ Pan-os Version >= 8.1.0 < 8.1.26
Paloaltonetworks ≫ Pan-os Version >= 9.0.0 < 9.0.17
Paloaltonetworks ≫ Pan-os Version >= 9.1.0 < 9.1.17
Paloaltonetworks ≫ Pan-os Version >= 10.1.0 < 10.1.11
Paloaltonetworks ≫ Pan-os Version >= 10.2.0 < 10.2.7
Paloaltonetworks ≫ Pan-os Version >= 11.0.0 < 11.0.3
Paloaltonetworks ≫ Pan-os Version9.0.17 Update-
Paloaltonetworks ≫ Pan-os Version9.0.17 Updateh1
Paloaltonetworks ≫ Pan-os Version10.1.11 Update-
Paloaltonetworks ≫ Pan-os Version10.1.11 Updateh1
Paloaltonetworks ≫ Pan-os Version10.1.11 Updateh3
Paloaltonetworks ≫ Pan-os Version10.2.7 Update-
Paloaltonetworks ≫ Pan-os Version10.2.7 Updateh1
Paloaltonetworks ≫ Prisma Access Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.404 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 3.1 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
|
| psirt@paloaltonetworks.com | 4.1 | 2.3 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.