CVE-2024-3387

Published: Apr 10, 2024Modified: Jan 30, 2026

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.

Affected (9)

Products: Paloaltonetworks: Pan Os

Paloaltonetworks

1 product

Pan Os

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Paloaltonetworks Pan Os	From 10.1.0 to 10.1.12
Paloaltonetworks Pan Os	From 10.2.0 to 10.2.7
Paloaltonetworks Pan Os	From 11.0.0 to 11.0.4
Paloaltonetworks Pan Os	Version 10.2.7 h1
Paloaltonetworks Pan Os	Version 10.2.7 h2
Paloaltonetworks Pan Os	Version 10.2.7 h3
Paloaltonetworks Pan Os	Version 10.2.7 h4
Paloaltonetworks Pan Os	Version 10.2.7 h5
Paloaltonetworks Pan Os	Version 10.2.7 h6

Related CWEs

CWE-326

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (2)

https://security.paloaltonetworks.com/CVE-2024-3387

Source: psirt@paloaltonetworks.com

Vendor Advisory

https://security.paloaltonetworks.com/CVE-2024-3387

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.