Unauthorized Access Vulnerability in PAN-OS Software

CVE-2024-0008

6.6MEDIUM

Key Information

Vendor: Palo Alto Networks
Status: Pan-os; Prisma Access; Cloud Ngfw
Vendor: CVE Published:; 14 February 2024

Badges

👾 Exploit Exists

Summary

Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.

Affected Version(s)

PAN-OS < 9.0.17-h2

PAN-OS < 9.0.18

PAN-OS < 9.1.17

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit exists.
Aug 1, 2024
Initial publication
Feb 14, 2024
Vulnerability published.
Feb 14, 2024
Vulnerability Reserved.
Nov 9, 2023

Collectors

NVD DatabaseMitre Database

Credit

Palo Alto Networks thanks Brian Yaklin for discovering and reporting this issue.