CVE-2024-2433

Published: Mar 13, 2024Modified: Jan 30, 2026

2.7

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Exploitability: 1.2 / Impact: 1.4

Source: NVD

Description

An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. This issue affects only the web interface of the management plane; the dataplane is unaffected.

Affected (7)

Products: Paloaltonetworks: Pan Os

Paloaltonetworks

1 product

Pan Os

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Paloaltonetworks Pan Os	Before 9.0.17
Paloaltonetworks Pan Os	From 10.1.0 to 10.1.12
Paloaltonetworks Pan Os	From 10.2.0 to 10.2.8
Paloaltonetworks Pan Os	From 11.0.0 to 11.0.3
Paloaltonetworks Pan Os	From 9.1.0 to 9.1.17
Paloaltonetworks Pan Os	Version 9.0.17
Paloaltonetworks Pan Os	Version 9.0.17 h1

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://security.paloaltonetworks.com/CVE-2024-2433

Source: psirt@paloaltonetworks.com

Vendor Advisory

https://security.paloaltonetworks.com/CVE-2024-2433

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.