CVE-2024-0009
CVSS 3.1 base score: 6.3
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.8 / Impact: 3.4
Source: NVD
Description
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.
Affected (6)
Products: Palo Alto Networks PAN-OS
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Palo Alto Networks PAN-OS | Version 11.0.0 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Palo Alto Networks PAN-OS | From 10.2.0 to 10.2.4 |
Related CWEs
CWE-346
Origin Validation Error
The product does not properly verify that the source of data or communication is valid.
CWE-940
Improper Verification of Source of a Communication Channel
The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.
References (2)
Source: psirt@paloaltonetworks.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory